TempleGold

TempleDAO
Foundry
25,000 USDC
Submission Details
Severity: low
Invalid

Tokens can be distributed to `teamGnosis`, even if `DistributionParams.teamGnosis` is 0.

Summary

Tokens can be distributed to `teamGnosis`, even if `DistributionParams.teamGnosis` is 0.

Vulnerability Details

When the new `mintAmount` is distributed by `TempleGold._distribute()`, it is split between staking, escrow, and `teamGnosis`. If there is a remainder, `teamGnosis` is prioritized (line 239) and receives the remainder. However, the `teamGnosis` percentage can be 0, as stated in the Known Issues section:

> In Temple Gold contract, setDistributionParams() can be executed with 0 value for a parameter eg. params.gnosis -
>
> This is intentional to freely distribute minted TGLD to staking and dai gold auction only.

In this case, the mint amount is expected to be split only between staking and escrow. However, if there is a remainder, it will still be sent to teamGnosis.

```solidity
    function _distribute(DistributionParams storage params, uint256 mintAmount) private {
        uint256 stakingAmount = TempleMath.mulDivRound(params.staking, mintAmount, DISTRIBUTION_DIVISOR, false);
        if (stakingAmount > 0) {
>>          _mint(address(staking), stakingAmount);
            staking.notifyDistribution(stakingAmount);
        }
        uint256 escrowAmount = TempleMath.mulDivRound(params.escrow, mintAmount, DISTRIBUTION_DIVISOR, false);
        if (escrowAmount > 0) {
>>          _mint(address(escrow), escrowAmount);
            escrow.notifyDistribution(escrowAmount);
        }
        uint256 gnosisAmount = mintAmount - stakingAmount - escrowAmount;
        if (gnosisAmount > 0) {
>>          _mint(teamGnosis, gnosisAmount);
            /// @notice no requirement to notify gnosis because no action has to be taken
        }
        _totalDistributed += mintAmount;
        emit Distributed(stakingAmount, escrowAmount, gnosisAmount, block.timestamp);
    }
```

Impact

Tokens will be sent to teamGnosis unintentionally.
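
To put a number on the amount involved, here is an integer model of the `_distribute()` arithmetic in Python. It is an added example, not code from this submission or from TempleDAO. The value of `DISTRIBUTION_DIVISOR`, the share values, and the helper names are assumptions made for illustration.

```python
# Added illustration: integer model of the _distribute() arithmetic shown above.
# The value of DISTRIBUTION_DIVISOR is an assumption; the page does not state it.
DISTRIBUTION_DIVISOR = 100 * 10**18


def mul_div_floor(x: int, y: int, denominator: int) -> int:
    """Stand-in for TempleMath.mulDivRound(x, y, denominator, false): round down."""
    return (x * y) // denominator


def distribute(staking_share: int, escrow_share: int, mint_amount: int):
    """Return (staking, escrow, gnosis) amounts as the original function mints them."""
    staking = mul_div_floor(staking_share, mint_amount, DISTRIBUTION_DIVISOR)
    escrow = mul_div_floor(escrow_share, mint_amount, DISTRIBUTION_DIVISOR)
    gnosis = mint_amount - staking - escrow  # remainder, whatever the gnosis share is
    return staking, escrow, gnosis


def distribute_patched(staking_share, escrow_share, gnosis_share, mint_amount):
    """Same split with the recommended change: remainder goes to escrow if gnosis share is 0."""
    staking = mul_div_floor(staking_share, mint_amount, DISTRIBUTION_DIVISOR)
    escrow = mul_div_floor(escrow_share, mint_amount, DISTRIBUTION_DIVISOR)
    if gnosis_share == 0:
        escrow += mint_amount - staking - escrow
    return staking, escrow, mint_amount - staking - escrow


def max_gnosis_dust(staking_share: int, escrow_share: int, mint_amounts) -> int:
    """Largest remainder sent to teamGnosis over the given mint amounts."""
    return max(distribute(staking_share, escrow_share, m)[2] for m in mint_amounts)


if __name__ == "__main__":
    # Constructed parameters: 1/3 staking, 2/3 escrow, 0 for teamGnosis.
    third = DISTRIBUTION_DIVISOR // 3
    s, e = third, DISTRIBUTION_DIVISOR - third
    print("original:", distribute(s, e, 10**18 + 1))
    print("patched: ", distribute_patched(s, e, 0, 10**18 + 1))
    print("max dust over 1..4999 wei:", max_gnosis_dust(s, e, range(1, 5000)))
```

When the staking and escrow shares sum to the divisor, the two round-downs leave a remainder of 0 or 1 base unit per call.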

Tools Used

Manual Review

Recommendations

If DistributionParams.teamGnosis is 0, distribute the remaining tokens to either staking or escrow.

function _distribute(DistributionParams storage params, uint256 mintAmount) private {
uint256 stakingAmount = TempleMath.mulDivRound(params.staking, mintAmount, DISTRIBUTION_DIVISOR, false);
if (stakingAmount > 0) {
_mint(address(staking), stakingAmount);
staking.notifyDistribution(stakingAmount);
}
uint256 escrowAmount = TempleMath.mulDivRound(params.escrow, mintAmount, DISTRIBUTION_DIVISOR, false);
+ if (params.teamGnosis == 0) {
+ escrowAmount += mintAmount - stakingAmount - escrowAmount;
+ }
if (escrowAmount > 0) {
_mint(address(escrow), escrowAmount);
escrow.notifyDistribution(escrowAmount);
}
uint256 gnosisAmount = mintAmount - stakingAmount - escrowAmount;
if (gnosisAmount > 0) {
_mint(teamGnosis, gnosisAmount);
/// @notice no requirement to notify gnosis because no action has to be taken
}
_totalDistributed += mintAmount;
emit Distributed(stakingAmount, escrowAmount, gnosisAmount, block.timestamp);
}
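
Review bot: The added condition reads `params.teamGnosis`, but the Known Issues text quoted in this report names the field `params.gnosis`; confirm the name against the `DistributionParams` struct so the patch compiles. The added branch also needs a short comment saying that the rounding remainder is folded into `escrowAmount` when the gnosis share is 0, because the later `gnosisAmount` computation then evaluates to 0 and the `teamGnosis` mint is skipped only as a side effect. Computing `mintAmount - stakingAmount - escrowAmount` once and assigning it to the chosen recipient would make that explicit and avoid repeating the expression.
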
Updates

Lead Judging Commences

inallhonesty Lead Judge 12 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
Assigned finding tags:

dust amount gets minted to teamGnosis
