In the getEpoch function of the FjordStaking contract, a value is cast from uint256 to uint16 without a range check. With large values the cast can overflow the uint16 range. If not addressed, this could cause incorrect epoch calculations and affect the correct functioning of the staking and reward distribution mechanisms.
The function casts the result of the calculation (_timestamp - startTime) / epochDuration from uint256 to uint16 without checking that the value fits within the uint16 range. If the calculated epoch number exceeds 65535 (the maximum value for a uint16), the cast overflows.
If the calculated epoch value exceeds the maximum for a uint16, the cast truncates the value, producing an incorrect epoch number. The contract might then reference the wrong epoch, which could result in incorrect reward distributions and potential loss of user funds through miscalculated reward claims or staking periods.
Manual Review
Use Safe Casting: Implement OpenZeppelin’s SafeCast library to safely cast the result from uint256 to uint16. This will prevent unexpected overflows by reverting the transaction if the value exceeds the uint16 range.
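The unchecked cast beside the SafeCast form recommended above, as an added example that is not the FjordStaking source. The contract name, the constructor, the function names getEpochUnchecked, getEpochChecked and firstOverflowTimestamp are assumptions; only the expression (_timestamp - startTime) / epochDuration comes from the finding.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {SafeCast} from "@openzeppelin/contracts/utils/math/SafeCast.sol";

/// Added illustration, not the audited contract. State layout is assumed.
contract EpochCastExample {
    uint256 public immutable startTime;
    uint256 public immutable epochDuration; // assumed to be set at deployment

    constructor(uint256 _epochDuration) {
        require(_epochDuration != 0, "epochDuration is zero");
        startTime = block.timestamp;
        epochDuration = _epochDuration;
    }

    /// Unchecked downcast. Solidity 0.8 checks arithmetic but not explicit
    /// casts, so uint16(x) keeps only the low 16 bits of x:
    /// an epoch of 65536 is returned as 0, 65537 as 1, and so on.
    /// (_timestamp < startTime still reverts, because the subtraction is checked.)
    function getEpochUnchecked(uint256 _timestamp) public view returns (uint16) {
        return uint16((_timestamp - startTime) / epochDuration);
    }

    /// Checked downcast. SafeCast.toUint16 reverts when the value is larger
    /// than type(uint16).max instead of returning a wrapped epoch number.
    function getEpochChecked(uint256 _timestamp) public view returns (uint16) {
        return SafeCast.toUint16((_timestamp - startTime) / epochDuration);
    }

    /// First timestamp at which the two functions diverge: the unchecked
    /// version wraps to 0 here, the checked version reverts.
    function firstOverflowTimestamp() external view returns (uint256) {
        return startTime + (uint256(type(uint16).max) + 1) * epochDuration;
    }
}
```

firstOverflowTimestamp shows how far in the future the wrap occurs for a given epochDuration, which is the figure to weigh when rating the finding's likelihood.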