
049.md


Helpful Walnut Meerkat

Medium

Users Are Susceptible to Slippage in _earningPower When Calling GovernanceStaker::stake

Summary

The GovernanceStaker contract is designed for use via EOAs (Externally Owned Accounts). However, it does not account for the delay between transaction submission and execution, during which conditions can change in ways the user did not expect. As a result, a user may receive less, or even no, _earningPower from their stake.

Root Cause

None of the external calls in these lines account for such variations, leaving users vulnerable to slippage or even the complete loss of rewards during their staking.

Internal pre-conditions

No response

External pre-conditions

No response

Attack Path

No response

Impact

  • Users could earn significantly less or even no rewards from their staking due to slippage.

Mitigation

Implement a minimum earningPower check to validate the transaction and ensure predictable outcomes for users.
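
One way such a minimum check can look, as an added example that is not the GovernanceStaker code or the project's own fix. The contract name, the calculator interface and its signature, the custom error and the minEarningPower parameter are all hypothetical, and the token transfer is left out so the model shows only the check:

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Hypothetical calculator interface; the audited project's signature may differ.
interface IEarningPowerCalculator {
    function getEarningPower(uint256 amount, address staker, address delegatee)
        external
        view
        returns (uint256);
}

// Simplified model of a staking contract, not the audited GovernanceStaker.
contract SlippageCheckedStaker {
    IEarningPowerCalculator public immutable calculator;
    mapping(address => uint256) public balanceOf;
    mapping(address => uint256) public earningPowerOf;

    error EarningPowerBelowMinimum(uint256 actual, uint256 minimum);

    constructor(IEarningPowerCalculator _calculator) {
        calculator = _calculator;
    }

    // minEarningPower is chosen by the user when signing, based on the value
    // they saw at submission time. Token transfer is omitted in this model.
    function stake(uint256 amount, address delegatee, uint256 minEarningPower)
        external
        returns (uint256 earningPower)
    {
        uint256 newBalance = balanceOf[msg.sender] + amount;

        // Assumption of this model: the external calculator's answer at
        // execution time may differ from what the user saw at submission.
        earningPower = calculator.getEarningPower(newBalance, msg.sender, delegatee);

        // Revert rather than silently accept less than the user agreed to.
        if (earningPower < minEarningPower) {
            revert EarningPowerBelowMinimum(earningPower, minEarningPower);
        }

        balanceOf[msg.sender] = newBalance;
        earningPowerOf[msg.sender] = earningPower;
    }
}
```

Passing 0 as minEarningPower reproduces the unchecked behaviour, so a front end using this pattern should derive the bound from a fresh read of the calculator rather than default it.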