TempleGold
TempleDAO
Foundry
25,000 USDC
View results
Previous Next
Submission Details
Severity: low
Invalid

loss due to rounding down in TempleGoldStaking

cryptomoon

Summary

In TempleGoldStaking, vestingRateis used to introduce vesting for the tokens earned. However, there can be rounding issues due to in-correct order of multiplication and division.

Vulnerability Details

The _earnedfunction calculates _perTokenReward as following

https://github.com/Cyfrin/2024-07-templegold/blob/main/protocol/contracts/templegold/TempleGoldStaking.sol#L476

_perTokenReward = _rewardPerToken() * vestingRate / 1e18;

vestingRateis calculated using following formula:

https://github.com/Cyfrin/2024-07-templegold/blob/main/protocol/contracts/templegold/TempleGoldStaking.sol#L484-L493

function _getVestingRate(StakeInfo memory _stakeInfo) internal view returns (uint256vestingRate) {
if (_stakeInfo.stakeTime == 0) {
return 0;
}
if (block.timestamp > _stakeInfo.fullyVestedAt) {
vestingRate = 1e18;
} else {
// DIVIDING BY VESTING RATE. THIS IS LATER MULTIPLIED WITH _rewardPerToken()
vestingRate = (block.timestamp - _stakeInfo.stakeTime) * 1e18 / vestingPeriod;
}
}

vestingRateformula involves division with vestingPeriodand that result is multiplied with _rewardPerToken()in _earnedfunction. Due to this, there can be minor precision loss.

Impact

Precision loss. This can result in low earning of user's reward token.

Tools Used

Manual review

Recommendations

Do all the multiplication before dividing the results. The above formula can be corrected as:

_perTokenReward = (_rewardPerToken() * (block.timestamp - _stakeInfo.stakeTime) * 1e18) / vestingPeriod / 1e18

Updates

Lead Judging Commences

inallhonesty Lead Judge about 1 year ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.