Skinny Shadow Sparrow
Medium
When alterDelegatee is called it changes the delegates but also calls _fetchOrDeploySurrogate which deploys a new contract surrogate. Then we proceed with a safeTransfer from the old one to the new one. This will always fail since the old one didnt approved the new one. Broken Logic
Broken Logic. alterDelegate will always fail and revert since token transfer from old one to the new one wont be able to transfer
https://github.com/sherlock-audit/2024-11-tally/blob/main/staker/src/GovernanceStaker.sol#L374-L378 https://github.com/sherlock-audit/2024-11-tally/blob/main/staker/src/GovernanceStaker.sol#L624-L648
Manual Review
add Approve