Incorrect comparison for minimum rewards in reward distribution logic
Summary
TempleGoldStaking::distributeRewards contains an incorrect comparison that checks if the reward amount is less than the reward duration. This comparison is conceptually incorrect as it compares an amount of tokens to a time duration, potentially leading to undesired behavior in the reward distribution process.
Vulnerability Details
In the TempleGoldStaking::distributeRewards function, the following line of code is intended to prevent the distribution of trivial or negligible reward amounts:
However, this line compares rewardAmount (a quantity of tokens) to rewardDuration (a time duration), which is conceptually incorrect and can lead to improper handling of reward distribution.
Also, given the fact that the rewardDuration is most likely going to be measured in weeks, which is an increment of 604800 seconds, it will use that value as the number of wei for comparison, which in case of rewardDuration = 1 weeks produces 0.0000000000006048 ether worth of tokens in the other side of the comparison. This is considered a dust amount and is most likely not enough to meaningfully distribute between multiple users.
Impact
The incorrect comparison can lead to scenarios where trivial amounts of rewards are distributed, which might be inefficient or meaningless.
Tools Used
Manual code review
Recommendations
To ensure that only significant reward amounts are distributed, we recommend defining a minimum reward amount threshold and adjusting the check accordingly. Here is the suggested revision:
where the MINIMUM_REWARD_AMOUNT is a preset minimum value, which could also be updatable instead of constant.
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.