TempleGold

TempleDAO
Foundry
25,000 USDC
Submission Details
Severity: high
Invalid

Underflow Vulnerability in `_distribute` Function of `TempleGold` Contract

Summary

The _distribute function in the TempleGold contract lacks proper validation for underflow conditions when calculating token distribution amounts, potentially leading to unintended behavior or disruptions in contract operations.

Vulnerability Details

The _distribute function is responsible for distributing newly minted Temple Gold tokens (mintAmount) to designated recipients based on predefined distribution parameters (params). However, it does not adequately handle scenarios where the calculated distribution amounts result in underflows. The function calculates and distributes tokens to three destinations (staking, escrow, gnosis) based on their respective percentages in params.

If the calculated stakingAmount or escrowAmount exceeds mintAmount, an underflow condition may occur when calculating gnosisAmount. This can lead to unintended token allocations or contract disruptions.

See the following code:

```solidity
function _distribute(DistributionParams storage params, uint256 mintAmount) private {
    uint256 stakingAmount = TempleMath.mulDivRound(params.staking, mintAmount, DISTRIBUTION_DIVISOR, false);
    if (stakingAmount > 0) {
        _mint(address(staking), stakingAmount);
        staking.notifyDistribution(stakingAmount);
    }
    uint256 escrowAmount = TempleMath.mulDivRound(params.escrow, mintAmount, DISTRIBUTION_DIVISOR, false);
    if (escrowAmount > 0) {
        _mint(address(escrow), escrowAmount);
        escrow.notifyDistribution(escrowAmount);
    }
    uint256 gnosisAmount = mintAmount - stakingAmount - escrowAmount;
    if (gnosisAmount > 0) {
        _mint(teamGnosis, gnosisAmount);
        /// @notice no requirement to notify gnosis because no action has to be taken
    }
    _totalDistributed += mintAmount;
    emit Distributed(stakingAmount, escrowAmount, gnosisAmount, block.timestamp);
}
```

Impact

This can lead to DoS and disruptions or invalid states in the TempleGold contract, affecting its operational reliability.

Tools Used

Manual Review

Recommendations

Implement checks to ensure that calculated distribution amounts (stakingAmount, escrowAmount) do not exceed mintAmount before calculating gnosisAmount.
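The following is an added Python model of the `_distribute` arithmetic, written for this page and not part of the TempleGold code base or this submission. It serves two purposes: it reproduces the calculation described under Vulnerability Details (`mulDivRound` with `roundUp = false` modelled as floor division, and the `mintAmount - stakingAmount - escrowAmount` subtraction modelled as Solidity 0.8 checked arithmetic, which reverts instead of wrapping; the page does not state the compiler version, so that is an assumption), and it shows the check from the recommendation applied at parameter-configuration time rather than inside `_distribute`. The value of `DISTRIBUTION_DIVISOR` (taken here as `100 ether`) and the rule that the three percentages must sum to the divisor are assumptions, not facts from the page. The search over a whole range of mint amounts goes beyond the single case the text discusses: it lets a reader confirm for themselves under which parameter values the subtraction can actually revert.

```python
"""Model of the TempleGold._distribute arithmetic (constructed example, not project code)."""
from dataclasses import dataclass
from typing import Iterable, Optional, Tuple

# Assumed value; the page does not state the divisor. 100 ether means 1e18 == 1 %.
DISTRIBUTION_DIVISOR = 100 * 10**18


class EVMUnderflow(Exception):
    """Models the revert raised by Solidity >=0.8 checked subtraction."""


def mul_div_round(x: int, y: int, denominator: int, round_up: bool) -> int:
    """x * y / denominator with full-precision intermediate, floored unless round_up."""
    quotient, remainder = divmod(x * y, denominator)
    if round_up and remainder > 0:
        quotient += 1
    return quotient


def checked_sub(a: int, b: int) -> int:
    """uint256 subtraction under checked arithmetic: revert instead of wrapping."""
    if b > a:
        raise EVMUnderflow(f"{a} - {b} underflows")
    return a - b


@dataclass(frozen=True)
class DistributionParams:
    staking: int  # share of DISTRIBUTION_DIVISOR
    escrow: int
    gnosis: int


def params_are_valid(params: DistributionParams) -> bool:
    """The configuration-time check assumed here: shares must sum to the divisor.
    With floor rounding, staking + escrow <= divisor guarantees
    floor(s*m/D) + floor(e*m/D) <= (s+e)*m/D <= m, so the subtraction cannot revert."""
    return params.staking + params.escrow + params.gnosis == DISTRIBUTION_DIVISOR


def distribute(params: DistributionParams, mint_amount: int) -> Tuple[int, int, int]:
    """Mirror of _distribute: returns (stakingAmount, escrowAmount, gnosisAmount).
    Any remainder left by floor rounding lands in the gnosis share."""
    staking_amount = mul_div_round(params.staking, mint_amount, DISTRIBUTION_DIVISOR, False)
    escrow_amount = mul_div_round(params.escrow, mint_amount, DISTRIBUTION_DIVISOR, False)
    gnosis_amount = checked_sub(checked_sub(mint_amount, staking_amount), escrow_amount)
    return staking_amount, escrow_amount, gnosis_amount


def search_for_underflow(params: DistributionParams, mint_amounts: Iterable[int]) -> Optional[int]:
    """Return the first mint amount for which distribute() would revert, or None if none does."""
    for amount in mint_amounts:
        try:
            distribute(params, amount)
        except EVMUnderflow:
            return amount
    return None


if __name__ == "__main__":
    # Constructed sample parameters: 40 % / 30 % / 30 % is well formed ...
    valid = DistributionParams(staking=40 * 10**18, escrow=30 * 10**18, gnosis=30 * 10**18)
    # ... while 70 % / 50 % / 0 % could only exist if the sum check were missing.
    invalid = DistributionParams(staking=70 * 10**18, escrow=50 * 10**18, gnosis=0)

    print("valid params pass check:", params_are_valid(valid))
    print("first reverting mint amount, valid params:", search_for_underflow(valid, range(0, 5000)))
    print("invalid params pass check:", params_are_valid(invalid))
    print("first reverting mint amount, invalid params:", search_for_underflow(invalid, range(1, 1000)))
```

Running the search with well-formed parameters finds no reverting mint amount, and the three amounts always sum exactly to `mint_amount`; with over-allocated parameters the checked subtraction reverts at the first amount where the two floored shares exceed the total, which is the behaviour a defender wants (the transaction fails closed rather than minting from an invalid state). The place to enforce the recommendation is therefore the setter that accepts `DistributionParams`, where `params_are_valid` runs once, instead of a per-distribution comparison.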

Updates

Lead Judging Commences

inallhonesty Lead Judge 11 months ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement
