TempleGoldAdmin contract cannot transfer TempleGold tokens even if authorized to do so
Summary
The TempleGoldAdmin contract lacks transfer functions to operate with templeGold, so it would not be able to transfer tokens even if the contract was authorized.
Vulnerability Details
The contract TempleGoldAdmin is the admin contract to operate/reconfigure the TempleGold contract.
As suche, the TempleGoldAdmin contract implements a number of functions that are an interface to the TempleGold contract such as
setStaking(), setEscrow(), setTeamGnosis(), authorizeContract(), etc.
The function templeGold.authorizeContract() enables a contract to transfer TempleGold tokens (because by default it is a non-transferrable token). The TempleGoldAdmin contract implements an equivalent function that redirects the call to the templeGold token contract:
It is reasonable to think that the templeGoldAdmin contract could be granted the authorization to handle templeGold tokens.
However, if this happens, the templeGoldAdmin contract will not be able to do so, as it does not include interfaces to transfer tokens.
Impact
The templeGoldAdmin contract will not be able to handle templeGold tokens even if authorized.
If tokens were sent there, they would become stuck lost funds.
Recommendations
Include interfaces to transfer templeGold tokens in the TempleGoldAdmin contract:
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.