TempleGold
TempleDAO
Foundry
25,000 USDC
View results
Previous Next
Submission Details
Severity: low
Invalid

Dust handling in TGLD Distribution to teamGnosis when no distribution is set in `TempleGold` Contract

merlinboii

Summary

In TempleGold contract, setDistributionParams() can be executed with 0 value for a parameter eg. params.gnosis -

This is intentional to freely distribute minted TGLD to staking and dai gold auction only.

However, when params.gnosis is set to 0, any leftover dust from rounding down the minting amount still goes to teamGnosis.

Vulnerability Details

When params.gnosis is set to 0 in setDistributionParams(), the contract does not correctly handle leftover dust from the rounding down of minting amounts in the TempleGold._distribute().

// TempleGold.sol
/**
* mintAmount = 990000000000000000102
* DISTRIBUTION_DIVISOR = 100e18 = 1e20 //100%
* params.staking = 40e18 // 40%
* params.escrow = 60e18 //60%
* params.gnosis = 0 // no distribution
*/
function _distribute(DistributionParams storage params, uint256 mintAmount) private {
uint256 stakingAmount = TempleMath.mulDivRound(params.staking, mintAmount, DISTRIBUTION_DIVISOR, false);
// stakingAmount = (40e18 * 990000000000000000102) / 100e18 = 396000000000000000040
if (stakingAmount > 0) {
_mint(address(staking), stakingAmount);
staking.notifyDistribution(stakingAmount);
}
uint256 escrowAmount = TempleMath.mulDivRound(params.escrow, mintAmount, DISTRIBUTION_DIVISOR, false);
// escrowAmount = (60e18 * 990000000000000000102) / 100e18 = 594000000000000000061
if (escrowAmount > 0) {
_mint(address(escrow), escrowAmount);
escrow.notifyDistribution(escrowAmount);
}
uint256 gnosisAmount = mintAmount - stakingAmount - escrowAmount;
// gnosisAmount = 990000000000000000102 - 396000000000000000040 - 594000000000000000061 = 1
if (gnosisAmount > 0) { // EXECUTED
_mint(teamGnosis, gnosisAmount);
/// @notice no requirement to notify gnosis because no action has to be taken
}
_totalDistributed += mintAmount;
emit Distributed(stakingAmount, escrowAmount, gnosisAmount, block.timestamp);
}

Impact

This vulnerability allows extra TGLD tokens to accumulate with teamGnosis, unintended by the contract's design.

It may lead to a loss of control over token supply and impact the intended fairness of token distribution.

Tools Used

  • Manual Review

Recommendations

Update the TempleGold._distribute() to handle leftover dust from rounding down minting amounts correctly.

// TempleGold.sol
function _distribute(DistributionParams storage params, uint256 mintAmount) private {
uint256 stakingAmount = TempleMath.mulDivRound(params.staking, mintAmount, DISTRIBUTION_DIVISOR, false);
if (stakingAmount > 0) {
_mint(address(staking), stakingAmount);
staking.notifyDistribution(stakingAmount);
}
- uint256 escrowAmount = TempleMath.mulDivRound(params.escrow, mintAmount, DISTRIBUTION_DIVISOR, false);
+ uint256 escrowAmount = params.gnosis != 0 ? TempleMath.mulDivRound(params.escrow, mintAmount, DISTRIBUTION_DIVISOR, false): mintAmount - stakingAmount;
if (escrowAmount > 0) {
_mint(address(escrow), escrowAmount);
escrow.notifyDistribution(escrowAmount);
}
uint256 gnosisAmount = mintAmount - stakingAmount - escrowAmount;
if (gnosisAmount > 0) {
_mint(teamGnosis, gnosisAmount);
/// @notice no requirement to notify gnosis because no action has to be taken
}
_totalDistributed += mintAmount;
emit Distributed(stakingAmount, escrowAmount, gnosisAmount, block.timestamp);
}
Updates

Lead Judging Commences

inallhonesty Lead Judge about 1 year ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
Assigned finding tags:

dust amount gets minted to teamGnosis

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.