`nextRewardAmount` will endup being zero in `TempleGoldStaking:_notifyReward`
Summary
The TempleGoldStaking contract facilitates staking of Temple tokens and distribution of Temple Gold (TGLD) rewards to stakers. It includes mechanisms for stake delegation, reward distribution, and vesting periods for stakers. The issue resides in the calculation of nextRewardAmount based on the rewardData.rewardRate in the _notifyReward function.
Vulnerability Details
The calculation rewardData.rewardRate = amount / rewardDuration sets the rate at which rewards are distributed per unit time (rewardDuration). However, the subsequent calculation of nextRewardAmount subtracts rewardData.rewardRate * rewardDuration from amount. And if we put rewardData.rewardRate in that expression, which is amount/rewardDuration. It will end up being just amount. So nextRewardAmount will equal amount - amount which zero.
See the following code:
Impact
nextRewardAmount value will alwyay end up being zero which is not what is expected. If rewardData.rewardRate * rewardDuration equals amount, nextRewardAmount will be zero, potentially leaving unallocated rewards (dust).
Tools Used
Manual Review
Recommendations
Ensure that this calculation is meaningful and have some proper value instead of amount - amount.
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.