Large Brown Hippo
High
Malicious Users can withdraw more than they should thereby stealing funds
The withdraw
function lacks check to prevent a malicious from withdrawing more amount than they should . This will result to loss of funds
Loss of Funds
https://github.com/sherlock-audit/2024-11-tally/blob/main/staker/src/GovernanceStaker.sol#L680-L704
Manual Review
Users deposit should be greater than amount withdrawn. There should be a check regarding this in the withdraw
function
require depositorTotalStaked[deposit.owner] > _amount