TempleGold

TempleDAO

Foundry

25,000 USDC

View results

Previous Next

Submission Details

Severity: low

Invalid

`send` function in `TempleGold.sol` is passing wrong arguments to `_debit`

0xtheblackpanther

GitHub
https://github.com/Cyfrin/2024-07-templegold/blob/57a3e597e9199f9e9e0c26aab2123332eb19cc28/protocol/contracts/templegold/TempleGold.sol#L295-L300

Summary

The _debit function is designed to accept three parameters, but in TempleGold, it is incorrectly passing four parameters, which causes an error.

_debit Function Definition

/**

* @dev Burns tokens from the sender's specified balance.

* @param _amountLD The amount of tokens to send in local decimals.

* @param _minAmountLD The minimum amount to send in local decimals.

* @param _dstEid The destination chain ID.

* @return amountSentLD The amount sent in local decimals.

* @return amountReceivedLD The amount received in local decimals on the remote.

function _debit(

uint256 _amountLD,

uint256 _minAmountLD,

uint32 _dstEid

) internal virtual override returns (uint256 amountSentLD, uint256 amountReceivedLD) {

(amountSentLD, amountReceivedLD) = _debitView(_amountLD, _minAmountLD, _dstEid);

// @dev In NON-default OFT, amountSentLD could be 100, with a 10% fee, the amountReceivedLD amount is 90,

// therefore amountSentLD CAN differ from amountReceivedLD.

// @dev Default OFT burns on src.

_burn(msg.sender, amountSentLD);

}

Incorrect Invocation in `TempleGold.sol`

(uint256 amountSentLD, uint256 amountReceivedLD) = _debit(

msg.sender, // why msg.sender is passed @audit?

_sendParam.amountLD,

_sendParam.minAmountLD,

_sendParam.dstEid

);

Impact

The _debit function will throw an error when called because it is defined to accept only three parameters, but four parameters are being passed in the invocation. This discrepancy will result in a function call failure, disrupting the intended token burning process.

Recommendation

Remove the msg.sender parameter from the function call to match the expected three parameters of the _debit function.

Corrected Invocation

(uint256 amountSentLD, uint256 amountReceivedLD) = _debit(

_sendParam.amountLD,

_sendParam.minAmountLD,

_sendParam.dstEid

);

Updates

Lead Judging Commences

inallhonesty Lead Judge 12 months ago

Submission Judgement Published

Invalidated

Reason: Incorrect statement

Assigned finding tags:

send calls _debit with 4 parameters instead of 3

Prize pool breakdown

Total prize

25,000 USDC

nSLOC

998

25 USDC / LOC

High Medium

20,000 USDC

Low

2,500 USDC

Judges

2,500 USDC

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.