TempleGold

TempleDAO

Foundry

25,000 USDC

View results

Previous Next

Submission Details

Severity: low

Valid

TempleGold:setVestingFactor Without Calling Mint May Lead to Excessive or Insufficient TempleGold Token Minting

0xpep7

## Summary

The `setVestingFactor` function can be called without invoking the `mint` function, which may result in the minting of an incorrect number of TempleGold tokens. If the `vestingFactor` is increased, the new vesting would apply to a period in the past, potentially minting extra tokens. Conversely, reducing the `vestingFactor` during an ongoing vesting process can lead to fewer tokens being minted, undermining the fairness for the valid period between `lastMintTimestamp`.

## Vulnerability Details

The root cause of the vulnerability is that the `setVestingFactor` function does not require the `mint` function to be called beforehand to update the `lastMintTimestamp`.

https://github.com/Cyfrin/2024-07-templegold/blob/main/protocol/contracts/templegold/TempleGold.sol#L133

```solidity

// File: protocol/contracts/templegold/TempleGold.sol

130: function setVestingFactor(VestingFactor calldata _factor) external override onlyOwner {

131: if (_factor.numerator == 0 || _factor.denominator == 0) { revert CommonEventsAndErrors.ExpectedNonZero(); }

132: if (_factor.numerator > _factor.denominator) { revert CommonEventsAndErrors.InvalidParam(); }

133: vestingFactor = _factor; // <= FOUND: `setVestingFactor` without calling mint might mint more TempleGold tokens after

134: /// @dev initialize

135: if (lastMintTimestamp == 0) { lastMintTimestamp = uint32(block.timestamp); } // <= FOUND: lastMintTimestamp not always up-to-date

136: emit VestingFactorSet(_factor.numerator, _factor.denominator);

137: }

```

Let us walk through the issue with the following scenarios:

1. Alice (admin) calls `setVestingFactor` to increase the `vestingFactor`.

2. Since `mint` was not called before, the `lastMintTimestamp` remains outdated.

3. The increased `vestingFactor` now applies retroactively from the `lastMintTimestamp`, potentially allowing minting of extra tokens.

Similarly:

1. Alice calls `setVestingFactor` to decrease the `vestingFactor`.

2. If `mint` was not called before, the `lastMintTimestamp` remains outdated.

3. The decreased `vestingFactor` now applies retroactively from the `lastMintTimestamp`, leading to fewer tokens being minted for the valid period.

## Impact

This vulnerability can result in either the minting of an excessive number of tokens or fewer tokens than intended. Both scenarios can lead to financial discrepancies and unfair token distributions.

## Tools Used

Manual Review

## Recommendations

To mitigate this issue, enforce the `mint` function to update the `lastMintTimestamp` to the latest block before calling `setVestingFactor`. This ensures that any changes to the `vestingFactor` are applied correctly from the current block timestamp, preventing retroactive token minting discrepancies.

Updates

Lead Judging Commences

inallhonesty Lead Judge 11 months ago

Submission Judgement Published

Validated

Assigned finding tags:

When the operators call `TempleGold::setVestingFactor` to modify the `VestingFactor`, the tokens accumulated based on the previous factor are not resolved.

Prize pool breakdown

Total prize

25,000 USDC

nSLOC

998

25 USDC / LOC

High Medium

20,000 USDC

Low

2,500 USDC

Judges

2,500 USDC

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.