The `TempleGoldStaking` contract as migrator does not have a way to call `migrateWithdraw`
Summary
The migrator, which is a new TempleGoldStaking contract, does not have any ways to invoke migrateWithdraw function to migrate funds from the to-be-migrated TempleGoldStaking contract.
Vulnerability Details
As stated in documentation and code comments, in case of Temple Gold changes, a new staking contract may be deployed, and the protocol would need to migrate assets in this old staking contract to the new one. The migrator address, which will be this new staking contract, and it will call migrateWithdraw function in the old staking contract to transfer assets for a user's stake to itself as migration. The issue is that, in the staking contract, there is no entry to call migrateWithdraw anywhere, which means, even if the new staking contract is set as migrator in the old one, it still cannot migrate assets.
Surely, the protocol can set migrate to EOA, which then calls migrateWithdraw, but this defies the design, which is the migrator will be the new staking contract.
Impact
The migration logic is broken, assets cannot be migrated by the new staking contract.
Tools Used
Manual review
Recommendations
Implement migration logic in staking contract.
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.