Helpful Walnut Meerkat
Medium
The GovernanceStaker
contract is designed for use via EOAs (Externally Owned Accounts). However, it does not account for scenarios where, due to the delay between the transaction submission and execution, users might experience unexpected distortions. This could result in receiving less—or even no—_earningPower
from their staking.
-
https://github.com/sherlock-audit/2024-11-tally/blob/main/staker/src/GovernanceStaker.sol#L332
-
https://github.com/sherlock-audit/2024-11-tally/blob/main/staker/src/GovernanceStaker.sol#L348
-
https://github.com/sherlock-audit/2024-11-tally/blob/main/staker/src/GovernanceStaker.sol#L362
None of the external calls in these lines account for such variations, leaving users vulnerable to slippage or even the complete loss of rewards during their staking.
No response
No response
No response
- Users could earn significantly less or even no rewards from their staking due to slippage.
Implement a minimum earningPower check to validate the transaction and ensure predictable outcomes for users.