TempleGold

TempleDAO

Foundry

25,000 USDC

View results

Previous Next

Submission Details

Severity: medium

Invalid

Votes might be lost if they haven't been delegated previously in `TempleGoldStaking::stakeFor` and `TempleGoldStaking::_withdrawFor`

irondevx

Summary

If user hasn't delegated their votes before, TempleGoldStaking::stakeFor and TempleGoldStaking::_withdrawFor pass an undefined delegate value delegates[_for] to the TempleGoldStaking::_moveDelegates. As a result, the delegate value is address(0) unless it has been previously set with TempleGoldStaking::delegate, which may lead to incorrect delegation of votes or missing delegation functionality.

Vulnerability Details

Let's take TempleGoldStaking::stakeFor as an example (same applies for TempleGoldStaking::_withdrawFor):

function stakeFor(address _for, uint256 _amount) public whenNotPaused {

// Previous code...

@> _moveDelegates(address(0), delegates[_for], _amount);

}

However, delegates[_for] might've not been set prior to this function call, so it defaults to address(0). This results in TempleGoldStaking::_moveDelegates not correctly moving the delegation, potentially causing voting power issues.

Impact

Voting power may not be accurately transferred or assigned.

Tools Used

Manual code review

Recommendations

Ensure that delegates[_for] is properly set before calling _moveDelegates, if it hasn't been set before.

function stakeFor(address _for, uint256 _amount) public whenNotPaused {

if (_amount == 0) revert CommonEventsAndErrors.ExpectedNonZero();

// pull tokens and apply stake

stakingToken.safeTransferFrom(msg.sender, address(this), _amount);

uint256 _lastIndex = _accountLastStakeIndex[_for];

_accountLastStakeIndex[_for] = ++_lastIndex;

_applyStake(_for, _amount, _lastIndex);

+ if (delegates[_for] == address(0)) {

+ delegates[_for] = _for;

+ }

_moveDelegates(address(0), delegates[_for], _amount);

}

Updates

Lead Judging Commences

inallhonesty Lead Judge over 1 year ago

Submission Judgement Published

Invalidated

Reason: Incorrect statement

Appeal created

irondevx Submitter

over 1 year ago

inallhonesty Lead Judge

over 1 year ago

inallhonesty Lead Judge over 1 year ago

Submission Judgement Published

Invalidated

Reason: Incorrect statement

Prize pool breakdown

Total prize

25,000 USDC

nSLOC

998

25 USDC / LOC

High Medium

20,000 USDC

Low

2,500 USDC

Judges

2,500 USDC

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.