Rough Brick Meerkat
Medium
In the functions ‘permitAndStake’ and ‘permitAndStakeMore’ in the file GovernanceStakerPermitAndStake.sol, even when the stake token support EIP-2612 permit functionality, these functions ignores the permit call failures (e.g., due to a signature mismatch or expired deadline) and continues execution without reverting as it uses try / catch with the permit call. In the instance, the basic purpose and advantage of permit call is defeated.
function permitAndStake(
uint256 _amount,
address _delegatee,
address _claimer,
uint256 _deadline,
uint8 _v,
bytes32 _r,
bytes32 _s
) external virtual returns (DepositIdentifier _depositId) {
try IERC20Permit(address(STAKE_TOKEN)).permit(
msg.sender, address(this), _amount, _deadline, _v, _r, _s
) {} catch {}
_depositId = _stake(msg.sender, _amount, _delegatee, _claimer);
}Under the condition of any failure in the try/catch of permit call, the staker has to separately give ERC20 approval for the desired amount to be staked, which will be required prior to the execution of
_depositId = _stake(msg.sender, _amount, _delegatee, _claimer);Manual Review
Better to revert on the failure of permit call and informing the staker the reason of failure. This will enable the staker to take informed decision.