Skip to content

Latest commit

 

History

History
42 lines (31 loc) · 1.69 KB

059.md

File metadata and controls

42 lines (31 loc) · 1.69 KB

Teeny Orange Otter

Medium

A small amount of protocol fee can not be paid

Summary

Inappropriate protocol fee can cause stakers unable to pay fee and claim rewards

Vulnerability Detail

In the function GovernanceStaker::_claimReward(), the payout for staker is the claimable amount minus fee.

  function _claimReward(DepositIdentifier _depositId, Deposit storage deposit, address _claimer)
    internal
    virtual
    returns (uint256)
  {
    _checkpointGlobalReward();
    _checkpointReward(deposit);

@>    uint256 _reward = deposit.scaledUnclaimedRewardCheckpoint / SCALE_FACTOR;
    // Intentionally reverts due to overflow if unclaimed rewards are less than fee.
@>    uint256 _payout = _reward - claimFeeParameters.feeAmount;
@>    if (_payout == 0) return 0;
    ...

In case the staker's unclaimed rewards is small enough, such that _reward <= claimFeeParameters.feeAmount, the staker can not pay fee and claim any rewards token even though there is unclaimed rewards existed. This can be a problem when the claimFeeParameters.feeAmount is set to be a relative high amount.

Impact

  • There can be a small amount of fee/rewards can not be paid

Code Snippet

https://github.com/sherlock-audit/2024-11-tally/blob/b125d1f2b52170a3789b1060a52fc6609e6e2262/staker/src/GovernanceStaker.sol#L710-L721

https://github.com/sherlock-audit/2024-11-tally/blob/b125d1f2b52170a3789b1060a52fc6609e6e2262/staker/src/GovernanceStaker.sol#L799-L813

Tool used

Manual Review

Recommendation

Either send the small amount of rewards to user, or take it as fee