Calling TempleGoldStaking::distributeRewards() updates the rewardData.periodFinish parameter, which specifies when reward distribution is supposed to stop. However, when a starter is not set, a malicious user can call this function towards the end of a reward duration, which renews the rewardData.periodFinish parameter and makes the reward period go beyond the intended time.
In the TempleGoldStaking contract it is possible for reward distribution to be started by anyone when a starter is not set.
A malicious user can call this function again towards the end of a reward duration, which renews rewardData.periodFinish when TempleGoldStaking::_notifyReward is called.
The rewardData.periodFinish parameter is renewed when the above function is called, making the reward period go beyond the intended time.
We have users A and B.
User A is the reward distribution starter but has not been set in the contract.
User A starts the reward distribution for a duration that has been set.
Towards the end of this reward distribution duration, User B maliciously calls TempleGoldStaking::distributeRewards() just to prevent the reward distribution from stopping.
This would go against User A's intentions, as he may have wanted to add a reward duration and vesting period, which is now impossible due to the renewed rewardData.periodFinish. Even more gold will be distributed than intended for this specific reward duration.
This makes the reward distribution go beyond the intended time and makes it impossible to set a new reward duration and vesting period.
## Tools
Manual Review
Make it impossible for just anyone to start reward distribution by ensuring that only a single designated starter can do so.
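
The User A / User B scenario as a small Python model, added here as an illustration; it is not the TempleGoldStaking code. The class, the caller names and the one-week duration are assumptions, as is the rule that each notification resets period_finish to the current time plus the reward duration.

```python
# Simplified model of the behaviour the finding describes; NOT the contract source.
# Assumption: each reward notification resets period_finish to now + reward_duration.
WEEK = 7 * 24 * 3600  # constructed reward duration, in seconds


class Unauthorized(Exception):
    pass


class StakingModel:
    def __init__(self, reward_duration, starter=None):
        self.reward_duration = reward_duration
        self.starter = starter      # None models "starter not set"
        self.period_finish = 0
        self.distributions = 0

    def distribute_rewards(self, caller, now):
        # The caller check only applies once a starter has been configured,
        # so an unset starter leaves the function open to any caller.
        if self.starter is not None and caller != self.starter:
            raise Unauthorized(caller)
        self._notify_reward(now)

    def _notify_reward(self, now):
        self.distributions += 1
        self.period_finish = now + self.reward_duration


def simulate(starter):
    """User A starts a period at t=0; User B calls one hour before it ends."""
    model = StakingModel(WEEK, starter=starter)
    model.distribute_rewards("A", now=0)
    intended_finish = model.period_finish
    try:
        model.distribute_rewards("B", now=intended_finish - 3600)
        b_rejected = False
    except Unauthorized:
        b_rejected = True
    return intended_finish, model.period_finish, b_rejected


if __name__ == "__main__":
    print("starter unset:", simulate(None))
    print("starter = A:  ", simulate("A"))
```

With the starter unset, User B's call moves the finish time almost a full duration past the intended one; with User A configured as the starter, the call is rejected and the finish time is unchanged.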