TempleGold
TempleDAO
Foundry
25,000 USDC
View results
Previous Next
Submission Details
Severity: low
Invalid

[L-1] TempleGoldStaking::distributeRewards doesn't emit an event

0xcontrol

Description:
The distributeRewards() function in the TempleGoldStaking contract is a crucial function that handles the distribution of rewards to stakers. However, this function does not emit an event, which is a common and important practice for functions that perform significant actions, such as distributing rewards. Emitting events is essential for tracking state changes and ensuring transparency and accountability in the execution of smart contracts.

Impact:
The absence of an event emission in the distributeRewards() function has several potential impacts:

Transparency: Stakeholders and external observers cannot easily track when and how rewards are distributed, reducing the transparency of the contract's operations.
Debugging and Monitoring: Developers and auditors may find it more challenging to debug and monitor the contract's behavior without event logs that record the execution of this critical function.
Integration: Other smart contracts and off-chain systems that rely on event logs for their logic or user interfaces will not be able to detect when rewards are distributed, potentially leading to inconsistencies or errors.

Proof of Concept:
Below is the distributeRewards() function as it currently stands, without an event emission:

function distributeRewards() updateReward(address(0), 0) external {
if (distributionStarter != address(0) && msg.sender != distributionStarter) {
revert CommonEventsAndErrors.InvalidAccess();
}
if (totalSupply == 0) {
revert NoStaker();
}
// Mint and distribute TGLD if no cooldown set
if (lastRewardNotificationTimestamp + rewardDistributionCoolDown > block.timestamp) {
revert CannotDistribute();
}
_distributeGold();
uint256 rewardAmount = nextRewardAmount;
// Revert if next reward is 0 or less than reward duration (final dust amounts)
if (rewardAmount < rewardDuration) {
revert CommonEventsAndErrors.ExpectedNonZero();
}
nextRewardAmount = 0;
_notifyReward(rewardAmount);
lastRewardNotificationTimestamp = uint32(block.timestamp);
}

tool used
manual

Recommended Mitigation:
To address this issue, it is recommended to emit an event within the distributeRewards() function. This event should include relevant details such as the reward amount and the timestamp of distribution. Here is an example of how this can be implemented:

  • Define an even inside the ITempleGoldStaking interface
    event RewardsDistributed(uint256 rewardAmount, uint256 timestamp);

  • Emit the Event in the Function:

function distributeRewards() updateReward(address(0), 0) external {
if (distributionStarter != address(0) && msg.sender != distributionStarter) {
revert CommonEventsAndErrors.InvalidAccess();
}
if (totalSupply == 0) {
revert NoStaker();
}
// Mint and distribute TGLD if no cooldown set
if (lastRewardNotificationTimestamp + rewardDistributionCoolDown > block.timestamp) {
revert CannotDistribute();
}
_distributeGold();
uint256 rewardAmount = nextRewardAmount;
// Revert if next reward is 0 or less than reward duration (final dust amounts)
if (rewardAmount < rewardDuration) {
revert CommonEventsAndErrors.ExpectedNonZero();
}
nextRewardAmount = 0;
_notifyReward(rewardAmount);
lastRewardNotificationTimestamp = uint32(block.timestamp);
// Emit the RewardsDistributed event
+ emit RewardsDistributed(rewardAmount, block.timestamp);
}
Updates

Lead Judging Commences

inallhonesty Lead Judge 12 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.