Skip to content

Latest commit

 

History

History
53 lines (43 loc) · 1.29 KB

019.md

File metadata and controls

53 lines (43 loc) · 1.29 KB

Proud Tartan Lynx

Medium

Cannot Claim The Rewards

Summary

After the user withdraws all of his/her funds and if the remaining rewards are less than the fees, these rewards cannot be claimed.

Root Cause

https://github.com/sherlock-audit/2024-11-tally/blob/main/staker/src/GovernanceStaker.sol#L720

Internal pre-conditions

N/A

External pre-conditions

N/A

Attack Path

N/A

Impact

Loss of funds.

PoC

GovernanceStaker.sol
    function _claimReward(DepositIdentifier _depositId, Deposit storage deposit, address _claimer)
        internal
        virtual
        returns (uint256)
    {
        _checkpointGlobalReward();
        _checkpointReward(deposit);

        uint256 _reward = deposit.scaledUnclaimedRewardCheckpoint / SCALE_FACTOR;
        // Intentionally reverts due to overflow if unclaimed rewards are less than fee.
720:    uint256 _payout = _reward - claimFeeParameters.feeAmount;
        ...
    }
    function bumpEarningPower(
        DepositIdentifier _depositId,
        address _tipReceiver,
        uint256 _requestedTip
    ) external virtual {
        ...
488:    if (!_isQualifiedForBump || _newEarningPower == deposit.earningPower) {
            revert GovernanceStaker__Unqualified(_newEarningPower);
        }
        ...
    }

Mitigation