Hidden Tweed Elephant
High
When the staker deposit he can provide delegatee and claimer address other than himself but when the staker allots someone else as a claimer. He will not know that the claimer has claimed the reward for his deposit or not and if he mistakenly withdraws his stake then it will result in loosing out on rewards.
When the claimer has not called the reward for the deposit and the staker withdraws the stake then the claimer will loose out on rewards because there is no check which stops the staker from withdrawing its stake before claiming the reward. Suppose there is a reward which is being generated for the deposit which is being staked by the user and user has alloted the reward to some other claimer But because of some conditions user wants to withdraw its stake so he call the withdraw function and it will withdraw his stake and that will make the claimer loose out on rewards which is being generated for the deposit.
Severity :: HIGH Likelihood :: MEDIUM Claimer loosing the rewards because of the stake withdrawal by the staker before claiming the reward
https://github.com/sherlock-audit/2024-11-tally/blob/main/staker/src/GovernanceStaker.sol#L392-L401
Manual Review
Add a check which will check the deposit has the pending reward which should be claimed before withdrawing the stake