TempleGold
TempleDAO
Foundry
25,000 USDC
View results
Previous Next
Submission Details
Severity: low
Invalid

TempleGoldStaking contract have 3 view functions (`rewardPerTokenStored()`, `periodFinish()`,`lastUpdateTime()`) returning wrong value

0xhuy0512

Summary

Vulnerability Details

https://github.com/Cyfrin/2024-07-templegold/blob/57a3e597e9199f9e9e0c26aab2123332eb19cc28/protocol/contracts/templegold/TempleGoldStaking.sol#L39-L40
https://github.com/Cyfrin/2024-07-templegold/blob/57a3e597e9199f9e9e0c26aab2123332eb19cc28/protocol/contracts/templegold/TempleGoldStaking.sol#L44-L47

In TempleGoldStaking contract, we have 3 unused public variable: rewardPerTokenStored, periodFinish,lastUpdateTime. Instead, it is replaced with rewardData variable, which is a struct type:

struct Reward {
uint40 periodFinish; <<@@@
uint40 lastUpdateTime; <<@@@
uint216 rewardRate;
uint216 rewardPerTokenStored; <<@@@
}
Reward internal rewardData;

Impact

Because those 3 public variables is unused, it's view function will always return to 0, which can lead to integration issues

Tools Used

Manual Review

Recommendations

- uint256 public override rewardPerTokenStored;
- uint256 public override periodFinish;
- uint256 public override lastUpdateTime;
+ function rewardPerTokenStored() public view returns(uint256){
+ return rewardData.rewardPerTokenStored;
+ }
+ function periodFinish() public view returns(uint256){
+ return rewardData.periodFinish;
+ }
+ function lastUpdateTime() public view returns(uint256){
+ return rewardData.lastUpdateTime;
+ }
Updates

Lead Judging Commences

inallhonesty Lead Judge over 1 year ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.