TempleGold
TempleDAO
Foundry
25,000 USDC
View results
Previous Next
Submission Details
Severity: medium
Invalid

Lack of validation that `stakingToken != rewardToken`

jesjupyter

Summary

In the TempleGoldStaking::constructor, the stakingToken and rewardToken is initialized without ensuring that stakingToken != rewardToken. If stakingToken is set the same as rewardToken, this would cause accounting issues during staking.

Vulnerability Details

In the TempleGoldStaking::constructor, the stakingToken and rewardToken is initialized.

constructor(
address _rescuer,
address _executor,
address _stakingToken,
address _rewardToken
) TempleElevatedAccess(_rescuer, _executor){
stakingToken = IERC20(_stakingToken);
rewardToken = IERC20(_rewardToken);
}

However, there is no check that stakingToken != rewardToken. If stakingToken is set the same as rewardToken, this would cause accounting issues during staking:

  • User's staked tokens could be distributed as rewards.

Even though the stakingToken and rewardToken will be different per designed, it is still required to add this check to prevent the accounting issues.

Impact

If stakingToken is set the same as rewardToken, this would cause accounting issues during staking:

  • User's staked tokens could be distributed as rewards.

Tools Used

Manual

Recommendations

Add a check to ensure stakingToken != rewardToken

Updates

Lead Judging Commences

inallhonesty Lead Judge 11 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.