TempleGold

TempleDAO
Foundry
25,000 USDC
Submission Details
Severity: medium
Invalid

Users will get improper amounts if they set their numerator greater than their denominator

Summary

When users want to get their mint amounts and are inputting their details, they may unknowingly input a _factor.numerator that is greater than its denominator, which is against the intended design of the contract.

[more info in Vulnerability Details and Impact]

Vulnerability Details

The actual _getMintAmount is a private function that is callable by other functions in the contract. In the instant case, the getMintAmount function calls it.

function getMintAmount() external override view returns (uint256) {
    VestingFactor memory vestingFactorCache = vestingFactor;
    return _getMintAmount(vestingFactorCache);
}

A user can use it to get their own mint amounts.

However, there will be an error where the user sets the numerator of their _factor to be greater than its denominator, which will be an invalid parameter.

Impact

Invalid parameter, and the function will not return.

Tools Used

Manual review.

Recommendations

This error can be added:

if (_factor.numerator > _factor.denominator) {
    revert CommonEventsAndErrors.InvalidParam();
}

Updates

Lead Judging Commences

inallhonesty Lead Judge about 1 year ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
