TempleGold

TempleDAO
Foundry
25,000 USDC
Submission Details
Severity: medium
Invalid

First depositor can manipulate the rewardPerToken by depositing 1 wei supply

Summary

The first depositor can manipulate the rewards and get more rewards than intended.

Vulnerability Details

The first depositor can deposit 1 wei as the first transaction to bring the totalSupply to 1. Then, the same depositor deposits a non-trivial amount of tokens. At the second deposit, updateReward() will be called again, and this time totalSupply will be 1.

    function _rewardPerToken() internal view returns (uint256) {
        if (totalSupply == 0) {
            return rewardData.rewardPerTokenStored;
        }
        return
            rewardData.rewardPerTokenStored +
            (((_lastTimeRewardApplicable(rewardData.periodFinish) -
                rewardData.lastUpdateTime) *
                rewardData.rewardRate * 1e18)
                / totalSupply);
    }

The _rewardPerToken() earned will be higher than intended, which means that the first depositor can get a higher claim when his earnings are calculated.

        uint256 _perTokenReward;
        if (vestingRate == 1e18) {
            _perTokenReward = _rewardPerToken();
        } else {
            _perTokenReward = _rewardPerToken() * vestingRate / 1e18;
        }
        return
            (_stakeInfo.amount * (_perTokenReward - userRewardPerTokenPaid[_account][_index])) / 1e18 +
            claimableRewards[_account][_index];
    }

Impact

Protocol will lose funds

Tools Used

Manual Review

Recommendations

Recommend adding a virtual supply to prevent 1 wei inflation attacks.
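
Added example (not part of the submission or of the TempleGold code base): an integer model of the quoted _rewardPerToken() and earned arithmetic, for checking that rewards paid never exceed rewards emitted when a 1 wei stake precedes a larger one. It assumes updateReward() follows the Synthetix StakingRewards pattern, which the page does not show, and vestingRate == 1e18; StakingModel, run, the account names and all amounts are constructed.

```python
# Constructed integer model of the accounting quoted on this page.
# Assumptions: updateReward() follows the Synthetix StakingRewards pattern
# (not shown on the page) and vestingRate == 1e18.
PRECISION = 10**18

class StakingModel:
    def __init__(self, reward_rate, period_finish):
        self.reward_rate, self.period_finish = reward_rate, period_finish
        self.total_supply = self.stored = self.last_update = 0
        self.balance, self.paid, self.claimable = {}, {}, {}

    def reward_per_token(self, now):
        if self.total_supply == 0:
            return self.stored
        elapsed = min(now, self.period_finish) - self.last_update
        return self.stored + elapsed * self.reward_rate * PRECISION // self.total_supply

    def earned(self, who, now):
        delta = self.reward_per_token(now) - self.paid.get(who, 0)
        return self.balance.get(who, 0) * delta // PRECISION + self.claimable.get(who, 0)

    def stake(self, who, amount, now):
        # updateReward(who): checkpoint the global index, then the account
        self.stored = self.reward_per_token(now)
        self.last_update = min(now, self.period_finish)
        self.claimable[who] = self.earned(who, now)
        self.paid[who] = self.stored
        self.balance[who] = self.balance.get(who, 0) + amount
        self.total_supply += amount

def run(first_stake, total=100 * PRECISION + 1, gap=12, horizon=1012, rate=1000):
    """Alice stakes first_stake at t=0 and tops up to `total` at t=gap,
    when Bob stakes 100e18. Returns (alice, bob, emitted) at t=horizon."""
    m = StakingModel(rate, period_finish=10**6)
    m.stake("alice", first_stake, 0)
    if total > first_stake:
        m.stake("alice", total - first_stake, gap)
    m.stake("bob", 100 * PRECISION, gap)
    return m.earned("alice", horizon), m.earned("bob", horizon), rate * horizon

if __name__ == "__main__":
    for label, first in (("1 wei first", 1), ("single deposit", 100 * PRECISION + 1)):
        alice, bob, emitted = run(first)
        print(f"{label:15} alice={alice} bob={bob} paid={alice + bob} emitted={emitted}")
```

In this model the 1 wei position accrues gap * rewardRate for the interval in which it is the only stake, and the later deposit is checkpointed at the updated index. The two runs differ only by integer-division truncation, and the total paid stays below the total emitted in both.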

Updates

Lead Judging Commences

inallhonesty Lead Judge 11 months ago
Submission Judgement Published
Invalidated
Reason: Lack of quality
