Nice Burgundy Gerbil
High
Every reward withdrawal on Tally should include protocol fee payment, but in bumpEarningPower() protocol fee was never deducted.
https://github.com/sherlock-audit/2024-11-tally/blob/main/staker/src/GovernanceStaker.sol#L471
If a user calls bumpEarningPower() to update the earning power of a staker, since there is no limit to when this call can be made, it is possible that this call being made when the max reward has been made available and caller request all of it. If all is sent to the caller, there will be nothing left for protocol to deduct reward fee from.
Protocol loses fee on rewards
uint256 _unclaimedRewards = deposit.scaledUnclaimedRewardCheckpoint / SCALE_FACTOR;Manual Review
Deduct protocol fee from _unclaimedRewards in bumpEarningPower() and send fee to the recipient.