048.md

Helpful Walnut Meerkat

Medium

Users Can Exploit STALE_ORACLE_WINDOW to Obtain Maximum Possible EarningPower

Summary

The GovernanceStaker::_stake function fetches the _earningPower from the earningPowerCalculator. However, when the STALE_ORACLE_WINDOW is exceeded, the function assumes and returns the maximum possible _earningPower. In scenarios with low activity or a very short STALE_ORACLE_WINDOW, this behavior can be exploited.

Root Case

• https://github.com/sherlock-audit/2024-11-tally/blob/main/staker/src/GovernanceStaker.sol#L571

• https://github.com/sherlock-audit/2024-11-tally/blob/main/staker/src/BinaryEligibilityOracleEarningPowerCalculator.sol#L152

The logic shows that when the STALE_ORACLE_WINDOW is exceeded, the maximum possible _earningPower is assumed and returned.

Internal pre-conditions

• A very short STALE_ORACLE_WINDOW.

• Low protocol activity.

External pre-conditions

No response

Attack Path

No response

Impact

Users could exploit these conditions to obtain the maximum EarningPower from delegates who do not meet the delegateeEligibilityThresholdScore minimum requirements.

Mitigation

The _isDelegateeEligible check should be enforced to prevent abuse.