This repository has been archived by the owner on Dec 20, 2024. It is now read-only.
Increasing the earning power of a deposit may fail in certain cases #35
Labels
Low/Info
A Low/Info severity issue.
Summary
Bumping to increase the earning power of a deposit might fail in valid scenarios.
Vulnerability Detail
Consider a case where the earning power of a deposit is zero, but a few unclaimed rewards exist for the deposit. The user claims the rewards, where a portion is deducted as a claiming fee, and the remaining amount is received by the user. At this point, there will be no more unclaimed rewards.
However, if the delegate of the deposit later becomes eligible, the deposit needs to be bumped to increase its earning power. Since there are no unclaimed rewards in the deposit, the
bumpEarningPower
function would revert due to the following check:Impact
It is important to bump the deposit immediately when the delegate becomes eligible. However, due to the issue mentioned above, this fails, and the user loses rewards until they manually interact with their deposit. Note that
claimRewards
would also fail, so the user must use any other action such aswithdraw
,stakeMore
oralter
functions to update the deposit state in order to increase its earning power.Code Snippet
https://github.com/sherlock-audit/2024-11-tally/blob/main/govstaking/src/GovernanceStaker.sol#L489-L491
Tool used
Manual Review
Recommendation
Add a check in the
claimReward
function to ensure that at least an amount equivalent tomaxBumpTip
remains in the depositThe text was updated successfully, but these errors were encountered: