Puny Tan Millipede - Incorrect validation check for tipping amount

[sherlock-admin3]

Puny Tan Millipede

Medium

Incorrect validation check for tipping amount

Summary

The bumpEarningPower function contains an incorrect validation check for tip amounts against unclaimed rewards, potentially causing valid transactions to fail due to a flawed comparison with maxBumpTip.

Vulnerability Detail

The current validation logic is flawed in its implementation:

• The function uses (_unclaimedRewards - _requestedTip) < maxBumpTip to validate tips
• This check compares the remaining rewards against maxBumpTip instead of directly validating if _requestedTip exceeds _unclaimedRewards
• The condition could cause transactions to fail even when there are sufficient unclaimed rewards to cover the requested tip
• The issue occurs specifically when _newEarningPower < deposit.earningPower

Impact

• Valid transactions may be incorrectly reverted
• Bumpers might be unable to claim legitimate tips even when sufficient unclaimed rewards exist
• Function behavior does not align with its intended purpose of ensuring tips don't exceed available rewards
• Could discourage legitimate bumpers from participating in the system

Code Snippet

https://github.com/sherlock-audit/2024-11-tally/blob/main/staker/src/GovernanceStaker.sol#L496-L500

Tool used

Manual Review

Recommendation

Replace the current condition with a direct comparison between _requestedTip and _unclaimedRewards:

if (_newEarningPower < deposit.earningPower && _requestedTip > _unclaimedRewards) {
    revert GovernanceStaker__InsufficientUnclaimedRewards();
}

This will properly validate that requested tips don`t exceed available rewards, to prevent incorrect transactions reversions.