Deep Metal Wren
Medium
The bumpEarningPower function allows a third party (bumper) to update a deposit's earning power and receive a tip from the deposit's unclaimed rewards. However, the logic for ensuring the requested tip does not exceed the unclaimed rewards is flawed. Specifically, the following condition:
if (_newEarningPower < deposit.earningPower && (_unclaimedRewards - _requestedTip) < maxBumpTip) {
revert GovernanceStaker__InsufficientUnclaimedRewards();
}is incorrectly designed and does not effectively ensure that _requestedTip is less than or equal to _unclaimedRewards.
https://github.com/sherlock-audit/2024-11-tally/blob/main/staker/src/GovernanceStaker.sol#L496-L500
The condition (_unclaimedRewards - _requestedTip) < maxBumpTip does not directly validate whether _requestedTip exceeds _unclaimedRewards. It instead checks the result of subtracting _requestedTip from _unclaimedRewards against maxBumpTip. which would cause it to revert if the _unclaimedRewards is barely >_requestedTip
The incorrect check would cause valid _unclaimedRewards and _requestedTip to fail.
Replace the flawed condition with an explicit check that ensures _requestedTip does not exceed _unclaimedRewards. This prevents underflow and ensures correct validation of the tip amount.
if (_newEarningPower < deposit.earningPower && _requestedTip > _unclaimedRewards) {
revert GovernanceStaker__InsufficientUnclaimedRewards();
}