TempleGold

TempleDAO
Foundry
25,000 USDC
Submission Details
Severity: low
Valid

Updating vestingFactor will override current distribution

Summary
`TempleGold.setVestingFactor()` will change the vesting factor without first minting the already accumulated amount.

Vulnerability Details

Let's look at an example with the following:

  • MAX_SUPPLY = 300_000e18

  • Vesting factor = 1/(3 years)

If 1 year passes and the vesting factor is updated to 1/(4 years), since the code currently doesn't call mint() before updating, the minted amount will be 75_000e18 even though it should have been 100_000e18.

In contrast, if mint() was called before updating, 100_000e18 tokens would have been minted and the vesting process would have continued with the new vesting fraction from there on.
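An added example, not part of the original submission or the TempleGold code base: a simplified Python model of linear vesting that reproduces the figures above, carries them one more year forward, and also shows the opposite direction, where a larger factor applied retroactively over-mints. The accrual formula (elapsed time * MAX_SUPPLY * numerator / denominator) and all class and function names are assumptions made for illustration.

```python
YEAR = 365 * 24 * 60 * 60
MAX_SUPPLY = 300_000 * 10**18  # value from the example above


class VestingModel:
    """Simplified linear-vesting model (assumed formula, not the contract's code)."""

    def __init__(self, numerator, denominator, settle_on_update):
        self.factor = (numerator, denominator)
        self.settle_on_update = settle_on_update  # True models the recommended fix
        self.last_mint = 0
        self.now = 0
        self.minted = 0

    def warp(self, seconds):
        self.now += seconds

    def mint(self):
        # Accrual since the last mint is priced at whatever factor is stored now.
        num, den = self.factor
        accrued = (self.now - self.last_mint) * MAX_SUPPLY * num // den
        amount = min(accrued, MAX_SUPPLY - self.minted)  # never exceed the cap
        self.minted += amount
        self.last_mint = self.now
        return amount

    def set_vesting_factor(self, numerator, denominator):
        if self.settle_on_update:
            self.mint()  # settle what accrued under the old factor first
        self.factor = (numerator, denominator)


def total_minted(new_years, settle_on_update, years_after=0):
    """One year at 1/(3 years), switch to 1/(new_years years), wait, then mint."""
    model = VestingModel(1, 3 * YEAR, settle_on_update)
    model.warp(YEAR)
    model.set_vesting_factor(1, new_years * YEAR)
    model.warp(years_after * YEAR)
    model.mint()
    return model.minted // 10**18  # whole tokens


if __name__ == "__main__":
    for new_years in (4, 2):
        for settle in (False, True):
            label = "settle first" if settle else "no settle"
            print(f"1/(3y) -> 1/({new_years}y), {label}: {total_minted(new_years, settle)}")
```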

Impact

Inconsistent vesting rates.

Tools Used

Manual Review

Recommendations

Call mint() before updating the vesting fraction:

```diff
function setVestingFactor(VestingFactor calldata _factor) external override onlyOwner {
if (_factor.numerator == 0 || _factor.denominator == 0) { revert CommonEventsAndErrors.ExpectedNonZero(); }
if (_factor.numerator > _factor.denominator) { revert CommonEventsAndErrors.InvalidParam(); }
+ mint();
vestingFactor = _factor;
/// @dev initialize
if (lastMintTimestamp == 0) { lastMintTimestamp = uint32(block.timestamp); }
emit VestingFactorSet(_factor.numerator, _factor.denominator);
}
```
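
Review bot: the added `mint();` call runs unconditionally, including on the first call where `lastMintTimestamp == 0` and no previous factor has been stored, a case the function explicitly handles two lines later. The hunk does not show how `mint()` behaves in that state, so either guard the call, for example `if (lastMintTimestamp != 0) { mint(); }`, or confirm that `mint()` returns without reverting when nothing has accrued. A short `@dev` comment stating that accrued tokens are settled under the old factor before the update would also help future readers.
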
Updates

Lead Judging Commences

inallhonesty Lead Judge
about 1 year ago
Submission Judgement Published
Validated
Assigned finding tags:

When the operators call `TempleGold::setVestingFactor` to modify the `VestingFactor`, the tokens accumulated based on the previous factor are not resolved.
