Skip to content

Latest commit

 

History

History
45 lines (30 loc) · 2.54 KB

030.md

File metadata and controls

45 lines (30 loc) · 2.54 KB

Recumbent Orange Wallaby

Medium

Claimers can suppress bumpers by exploiting claimReward to renew earning power

Summary

The claimer of a Deposit can suppress bumpers by exploiting the claimReward function. Since bumpers receive a portion of the Deposit's unclaimed rewards as incentives, claimers can prevent bumpers from earning incentives by calling claimReward to renew their earning power. This action denies bumpers their expected rewards, undermining the protocol's incentive mechanism and shifting the loss to the claimer, as the funds used for bumper incentives are deducted from their own rewards.

https://github.com/sherlock-audit/2024-11-tally/blob/main/staker/src/GovernanceStaker.sol#L721-L729


Root Cause

The ability of the claimReward function to reset the earning power of a Deposit without restrictions allows claimers to interfere with the bumper incentive mechanism:

  1. Earning Power Reset in claimReward:

    • Each call to claimReward resets the earning power of a Deposit using the earningPowerCalculator.getEarningPower logic.
  2. No Restriction on Reward Claims:

    • The function does not enforce a minimum claimable amount and only returns if the rewards are zero.
    • This allows claimers to repeatedly call the function with negligible or no rewards purely to refresh their earning power.
  3. Impact on Bumper Incentives:

    • Bumpers receive incentives from a portion of the Deposit's unclaimed rewards. By claiming rewards frequently, the claimer can reduce or eliminate the unclaimed rewards before the bumper can act.

Impact

  1. Protocol Design Undermined:

    • The incentive mechanism for bumpers is compromised, discouraging participation and weakening the protocol's ability to update earning power effectively.
  2. Financial Loss to Claimer:

    • While suppressing bumpers, the claimer sacrifices the protocol's intended earning power updates, potentially leading to reduced overall rewards.
  3. Disincentivized Bumper Participation:

    • Bumpers, unable to reliably earn incentives, are discouraged from participating, further degrading the protocol's functionality.

Mitigation

  1. Restrict Frequent Calls to claimReward:

    • Introduce a cooldown period for the claimReward function to limit how often it can be called, ensuring bumpers have a fair opportunity to act.
  2. Set a Minimum Claim Threshold:

    • Prevent earning power from being renewed by revert function claimReward if the claimable amount does not exceed the specified minimum.