TempleGold

TempleDAO
Foundry
25,000 USDC
Submission Details
Severity: high
Invalid

Missing Return Statement in Mint Amount Calculation Function `_getMintAmount` in `TempleGold.sol` Contract Causes Logic Error

Summary:

In the _getMintAmount function, the calculated mintAmount is not returned due to the absence of a return statement. This leads to the function performing calculations without producing a usable result, potentially causing logic errors in the contract where this function is called and relied upon for minting operations.

Vulnerability Details:

This is a logic error: the absence of `return mintAmount` in the `_getMintAmount` function, which is called internally by the `getMintAmount` function and is also used in minting and other functions such as `canDistribute`.

Level

High-Critical

Impact:

The mintAmount calculated by the function is never utilized. This can cause subsequent logic in the contract to malfunction, leading to potential vulnerabilities such as:

  • Incorrect token minting amounts.

  • Failure to mint tokens when expected.

  • Discrepancies in token supply calculations.

  • The functions that depend on the mintAmount do not work as expected.

Proof of Concept / Explanation

Consider the following scenario where _getMintAmount is called within another function to determine the amount of tokens to mint:

```solidity
function mint() external {
    uint256 amountToMint = _getMintAmount(vestingFactorcache);
    // other code as it is
}
```

  • Without a return statement in _getMintAmount, amountToMint will always be zero, and no tokens will be minted regardless of the intended calculations.

_getMintAmount function from contract:

```solidity
function _getMintAmount(VestingFactor memory vestingFactorCache) private view returns (uint256 mintAmount) {
    uint32 _lastMintTimestamp = lastMintTimestamp;
    uint256 totalSupplyCache = _totalDistributed;
    if (_lastMintTimestamp == 0) { return 0; }
    mintAmount = TempleMath.mulDivRound((block.timestamp - _lastMintTimestamp) * (MAX_SUPPLY), vestingFactorCache.numerator, vestingFactorCache.denominator, false);
    if (totalSupplyCache + mintAmount > MAX_SUPPLY) {
        unchecked {
            mintAmount = MAX_SUPPLY - totalSupplyCache;
        }
    }
    //absent return value
}
```

  • When _getMintAmount is called, it performs the calculations but does not return the result, causing amountToMint to be zero.

Tools Used:

Manual, Foundry

Recommendations:

To resolve this issue, a return mintAmount; statement must be added at the end of the _getMintAmount function to ensure the calculated value is returned and can be used by the calling function.

Revised _getMintAmount function with return statement:

```solidity
function _getMintAmount(VestingFactor memory vestingFactorCache) private view returns (uint256 mintAmount) {
    uint32 _lastMintTimestamp = lastMintTimestamp;
    uint256 totalSupplyCache = _totalDistributed;
    if (_lastMintTimestamp == 0) {
        return 0;
    }
    mintAmount = TempleMath.mulDivRound((block.timestamp - _lastMintTimestamp) * (MAX_SUPPLY), vestingFactorCache.numerator, vestingFactorCache.denominator, false);
    if (totalSupplyCache + mintAmount > MAX_SUPPLY) {
        unchecked {
            mintAmount = MAX_SUPPLY - totalSupplyCache;
        }
    }
    return mintAmount; // add return statement
}
```

By adding the return statement, the function will correctly return the mintAmount value.

Updates

Lead Judging Commences

inallhonesty Lead Judge 11 months ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement
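
The judge's reason can be checked directly: in Solidity, a function that declares a named return variable returns that variable's current value when execution reaches the end of the body, so no explicit `return` is needed. The Foundry test below is an added example, not part of the submission or the TempleGold code base; `NamedReturnHarness`, its `setState` helper, the `MAX_SUPPLY` value and the integer math standing in for `TempleMath.mulDivRound` are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {Test} from "forge-std/Test.sol";

// Hypothetical harness (not TempleGold.sol): same shape as _getMintAmount,
// with plain integer math standing in for TempleMath.mulDivRound.
contract NamedReturnHarness {
    uint256 public constant MAX_SUPPLY = 1_000_000_000 ether; // constructed value
    uint32 public lastMintTimestamp;
    uint256 public totalDistributed;

    function setState(uint32 ts, uint256 distributed) external {
        lastMintTimestamp = ts;
        totalDistributed = distributed;
    }

    // No explicit `return mintAmount;` on the main path.
    function getMintAmount(uint256 numerator, uint256 denominator)
        external view returns (uint256 mintAmount)
    {
        uint32 _lastMintTimestamp = lastMintTimestamp;
        uint256 totalSupplyCache = totalDistributed;
        if (_lastMintTimestamp == 0) { return 0; }
        mintAmount = (block.timestamp - _lastMintTimestamp) * MAX_SUPPLY * numerator / denominator;
        if (totalSupplyCache + mintAmount > MAX_SUPPLY) {
            unchecked { mintAmount = MAX_SUPPLY - totalSupplyCache; }
        }
        // Falling off the end returns the current value of `mintAmount`.
    }
}

contract NamedReturnTest is Test {
    NamedReturnHarness h;
    function setUp() public { h = new NamedReturnHarness(); }

    function test_implicitReturnCarriesComputedValue() public {
        vm.warp(1_000);
        h.setState(900, 0);
        // 100 s elapsed, factor 1 / 1_000_000 -> MAX_SUPPLY * 100 / 1_000_000
        assertEq(h.getMintAmount(1, 1_000_000), h.MAX_SUPPLY() * 100 / 1_000_000);
    }

    function test_implicitReturnCarriesCappedValue() public {
        vm.warp(1_000);
        h.setState(900, h.MAX_SUPPLY() - 5);
        assertEq(h.getMintAmount(1, 1), 5); // capped branch is returned too
    }
}
```

Both tests pass under `forge test`, which shows the computed and the capped values reaching the caller without an explicit `return`.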
