TempleGold
TempleDAO
Foundry
25,000 USDC
View results
Previous Next
Submission Details
Severity: medium
Invalid

Insufficient TGOLD Balance Check in `_distributeGold`

kevinkkien

Summary

The _distributeGold function in the DaiGoldAuction contract lacks a check to ensure sufficient TGOLD balance before attempting to mint and distribute tokens. This could lead to auctions starting with less TGOLD than intended, resulting in unfairness for participants.

Vulnerability Details

The current implementation of _distributeGold directly calls templeGold.mint() without verifying if the contract holds enough TGOLD to fulfill the distribution. If the balance is insufficient, the auction could proceed with a lower TGOLD amount, potentially disadvantaging bidders who expected a larger pool of rewards.

https://github.com/Cyfrin/2024-07-templegold/blob/main/protocol/contracts/templegold/DaiGoldAuction.sol#L303-L306

function _distributeGold() private {
/// @dev no op silent fail if nothing to distribute
templeGold.mint();
}

Impact

Auctions may start with less TGOLD than advertised, leading to lower potential rewards for participants and potentially discouraging participation.

Tools Used

Manual review

Recommendations

Before calling templeGold.mint(), verify that the contract's TGOLD balance is sufficient to cover the intended distribution amount.

function _distributeGold() private {
uint256 currentBalance = templeGold.balanceOf(address(this));
uint256 amountToDistribute = ...; // Calculate the amount to distribute
if (currentBalance < amountToDistribute) {
revert InsufficientGoldBalance(currentBalance, amountToDistribute);
}
// Optionally emit an event:
emit GoldBalanceChecked(currentBalance, amountToDistribute, true);
templeGold.mint();
}
Updates

Lead Judging Commences

inallhonesty Lead Judge about 1 year ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.