TempleGold

TempleDAO

Foundry

25,000 USDC

View results

Previous Next

Submission Details

Severity: medium

Invalid

`nextRewardAmount` will endup being zero in `TempleGoldStaking:_notifyReward`

0xbeastboy

Summary

The TempleGoldStaking contract facilitates staking of Temple tokens and distribution of Temple Gold (TGLD) rewards to stakers. It includes mechanisms for stake delegation, reward distribution, and vesting periods for stakers. The issue resides in the calculation of nextRewardAmount based on the rewardData.rewardRate in the _notifyReward function.

Vulnerability Details

The calculation rewardData.rewardRate = amount / rewardDuration sets the rate at which rewards are distributed per unit time (rewardDuration). However, the subsequent calculation of nextRewardAmount subtracts rewardData.rewardRate * rewardDuration from amount. And if we put rewardData.rewardRate in that expression, which is amount/rewardDuration. It will end up being just amount. So nextRewardAmount will equal amount - amount which zero.

See the following code:

function _notifyReward(uint256 amount) private {

if (block.timestamp >= rewardData.periodFinish) {

rewardData.rewardRate = uint216(amount / rewardDuration);

// collect dust

nextRewardAmount = amount - (rewardData.rewardRate * rewardDuration);

} else {

uint256 remaining = uint256(rewardData.periodFinish) - block.timestamp;

uint256 leftover = remaining * rewardData.rewardRate;

rewardData.rewardRate = uint216((amount + leftover) / rewardDuration);

// collect dust

nextRewardAmount = (amount + leftover) - (rewardData.rewardRate * rewardDuration);

}

rewardData.lastUpdateTime = uint40(block.timestamp);

rewardData.periodFinish = uint40(block.timestamp + rewardDuration);

}

Impact

nextRewardAmount value will alwyay end up being zero which is not what is expected. If rewardData.rewardRate * rewardDuration equals amount, nextRewardAmount will be zero, potentially leaving unallocated rewards (dust).

Tools Used

Manual Review

Recommendations

Ensure that this calculation is meaningful and have some proper value instead of amount - amount.

Updates

Lead Judging Commences

inallhonesty Lead Judge over 1 year ago

Submission Judgement Published

Invalidated

Reason: Incorrect statement

Prize pool breakdown

Total prize

25,000 USDC

nSLOC

998

25 USDC / LOC

High Medium

20,000 USDC

Low

2,500 USDC

Judges

2,500 USDC

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.

Give us feedback!