Summary

There is no access control on who can call getReward function in TempleGoldStaking.sol, which may result in some undesired behaviors within protocol.

Vulnerability Details

getReward can be called by anyone. The function updates the rewards for the staker and makes a call to internal function _getReward. The _getReward function checks the amount of claimable rewards and send them to the staker address . Neither The _getReward nor the updateReward modifier includes any validaton if msg.sender is the staker. Therefore if anyone other than the staker calls the function, both the protocol and users may face unexpected behaivors such as:
1)Forced reward distribution may affect distribution timings for the staker
2)If an attacker repeatedly invokes thegetReward function for multiple stakers, it could lead to congestion and high gas costs on the network. This might prevent legitimate users from executing their transactions due to increased gas prices or network congestion.

Impact

Potential DoS attack and unintentional situations for protocol/users

Tools Used

Manual Review

Recommendations

Implement access control mechanisms such as onlyStaker to ensure only the staker can invoke the getReward function for their own rewards.