By design, anyone can mint TGLD tokens at any time. The minted tokens are distributed to 3 addresses: escrow, staking and team gnosis. However, when `_totalDistributed` is updated after minting, the new value does not reflect the amount of tokens actually minted.
When `stakingAmount` and `escrowAmount` are calculated, precision is lost due to the nature of the calculation. This is because the value of each variable is a percentage of the total distribution (example percentages: escrow 60%, staking 30%).
Every time this calculation happens, a fraction of the result is lost. For example, where the actual value would be 0.9 or 88.9, the resulting value will be 0 and 88. This is a typical precision loss issue in Solidity and it's expected. The real issue arises when the `_totalDistributed` value is calculated, because `mintAmount` is used instead of the amount of tokens actually minted. This leads to a mismatch between the actually minted tokens and the `_totalDistributed` value. `mintAmount` is not always the actually minted token amount.
An attacker can call `TempleGold.mint()` very frequently (taking advantage of Arbitrum One's fast block time of **~0.26s** and cheap gas prices) and make this mismatch between the amount actually minted and the amount stored as minted in `_totalDistributed` much bigger.
Code snippet with the issue: https://github.com/Cyfrin/2024-07-templegold/blob/main/protocol/contracts/templegold/TempleGold.sol#L226-L245
Mismatch between the real number of minted TGLD tokens and the `circulatingSupply()` and `_totalDistributed` values returned by the TempleGold contract.
Manual review
Use the actual minted amount when calculating the `_totalDistributed` value, instead of `mintAmount`.
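
A Python model of the accounting described above and of the recommended change, added here as an illustration and not taken from the TempleGold contract. It assumes a percentage base of 100, a 10% team gnosis share, and that all three shares are floored independently; `Ledger`, `shares`, `distribute` and `drift_after` are hypothetical names.

```python
# Added illustration, not TempleGold code. For non-negative values Python's
# `//` truncates exactly like Solidity's unsigned integer division.
from dataclasses import dataclass

DIVISOR = 100  # ASSUMPTION: percentage base

# Example split from the finding: escrow 60%, staking 30%.
# ASSUMPTION: team gnosis receives the remaining 10% and its share is
# floored independently, like the other two (the page does not show this).
SPLIT = {"escrow": 60, "staking": 30, "team_gnosis": 10}


@dataclass
class Ledger:
    total_distributed: int = 0  # models _totalDistributed
    actually_minted: int = 0    # ground truth: sum of every mint performed


def shares(mint_amount: int) -> dict[str, int]:
    """Floor each recipient's share, as integer division does on-chain."""
    return {name: mint_amount * pct // DIVISOR for name, pct in SPLIT.items()}


def distribute(ledger: Ledger, mint_amount: int, fixed: bool) -> int:
    """Mint the three shares, update the counter, return the dust lost."""
    minted = sum(shares(mint_amount).values())
    ledger.actually_minted += minted
    # Reported behaviour: the counter grows by mintAmount.
    # Recommended behaviour: the counter grows by what was really minted.
    ledger.total_distributed += minted if fixed else mint_amount
    return mint_amount - minted


def drift_after(calls: int, mint_amount: int, fixed: bool) -> int:
    """Counter minus real supply after `calls` identical mints."""
    ledger = Ledger()
    for _ in range(calls):
        distribute(ledger, mint_amount, fixed)
    return ledger.total_distributed - ledger.actually_minted


if __name__ == "__main__":
    print(shares(19))                          # per-recipient floors (constructed amount)
    print(drift_after(1000, 19, fixed=False))  # counter runs ahead of supply
    print(drift_after(1000, 19, fixed=True))   # counter matches supply
```

The drift grows linearly with the number of calls, which is why many small mints widen the gap more than one large mint of the same total.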