TempleGold

TempleDAO

Foundry

25,000 USDC

View results

Previous Next

Submission Details

Severity: high

Invalid

Centralization Risk in Reward Distribution Mechanism

nexarion

Summary

The TempleGoldStaking contract implements a centralized reward distribution mechanism that relies on a single distributionStarter address or allows unrestricted access if set to zero. This design introduces a significant centralization risk that could potentially disrupt the reward distribution process, affecting all stakers in the system.

Vulnerability Details

The distributeRewards() function, which is crucial for distributing rewards to stakers, is gated by the distributionStarter address:

https://github.com/Cyfrin/2024-07-templegold/blob/57a3e597e9199f9e9e0c26aab2123332eb19cc28/protocol/contracts/templegold/TempleGoldStaking.sol#L180-L193

https://github.com/Cyfrin/2024-07-templegold/blob/57a3e597e9199f9e9e0c26aab2123332eb19cc28/protocol/contracts/templegold/TempleGoldStaking.sol#L125-L129

https://github.com/Cyfrin/2024-07-templegold/blob/57a3e597e9199f9e9e0c26aab2123332eb19cc28/protocol/contracts/templegold/TempleGoldStaking.sol#L152-L156

function distributeRewards() updateReward(address(0), 0) external {

if (distributionStarter != address(0) && msg.sender != distributionStarter)

{ revert CommonEventsAndErrors.InvalidAccess(); }

// ... rest of the function

}

The distributionStarter can be set by an elevated access role:

function setDistributionStarter(address _starter) external onlyElevatedAccess {

distributionStarter = _starter;

emit DistributionStarterSet(_starter);

}

This creates two problematic scenarios:

If distributionStarter is a non-zero address, only that address can distribute rewards.
If distributionStarter is set to address(0), anyone can call distributeRewards().

Additionally, the rewardDistributionCoolDown adds another layer of centralized control over the frequency of distributions.

Impact

The centralization in the reward distribution mechanism could lead to several high-impact issues:

Single Point of Failure: If the distributionStarter becomes unavailable or compromised, reward distribution could be halted indefinitely.
Manipulation: A malicious distributionStarter could manipulate distribution timing for personal gain.
Inconsistent Rewards: In the case where anyone can distribute (address(0)), uncoordinated or malicious distributions could lead to unfair reward allocation.

These issues could potentially affect all stakers in the system, disrupting the core functionality of the staking contract.

Tools Used

Manual review

Recommendations

Implement a decentralized governance mechanism for reward distribution, such as a multi-signature wallet or DAO.
Add a fallback mechanism that allows anyone to trigger distribution if it hasn't occurred within a set timeframe.
Implement time-locks on critical functions like setDistributionStarter to provide transparency and allow users to react to changes.
If maintaining a distributionStarter role, implement a 2-of-3 multisig or similar setup to reduce single point of failure risks.

Updates

Lead Judging Commences

inallhonesty Lead Judge about 1 year ago

Submission Judgement Published

Invalidated

Reason: Incorrect statement

Prize pool breakdown

Total prize

25,000 USDC

nSLOC

998

25 USDC / LOC

High Medium

20,000 USDC

Low

2,500 USDC

Judges

2,500 USDC

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.