Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Rich Smoke Cheetah - Lack of incentives to call bumpEarningPower for small rewards #84

Open
sherlock-admin3 opened this issue Dec 22, 2024 · 0 comments
Open

Rich Smoke Cheetah - Lack of incentives to call bumpEarningPower for small rewards #84

sherlock-admin3 opened this issue Dec 22, 2024 · 0 comments
Labels
Won't Fix The sponsor confirmed this issue will not be fixed

Comments

@sherlock-admin3
Copy link

Rich Smoke Cheetah

Medium

Lack of incentives to call bumpEarningPower for small rewards

Summary

Since the tip that will be received in the bumpEarningPower function must be less or equal to the minimum between the unclaimed fees and the maxBumpTip, if the rewards are too small, there is a lack of incentives to call this function.

Vulnerability Detail

Here we can see that the tip that will be received in the bumpEarningPower must be less or equal to the minimum between the unclaimed fees and the maxBumpTip in the bumpEarningPower function.

    uint256 _unclaimedRewards = deposit.scaledUnclaimedRewardCheckpoint / SCALE_FACTOR;

    (uint256 _newEarningPower, bool _isQualifiedForBump) = earningPowerCalculator.getNewEarningPower(
      deposit.balance, deposit.owner, deposit.delegatee, deposit.earningPower
    );
    if (!_isQualifiedForBump || _newEarningPower == deposit.earningPower) {
      revert GovernanceStaker__Unqualified(_newEarningPower);
    }

    if (_newEarningPower > deposit.earningPower && _unclaimedRewards < _requestedTip) {
      revert GovernanceStaker__InsufficientUnclaimedRewards();
    }

    // Note: underflow causes a revert if the requested  tip is more than unclaimed rewards
    if (_newEarningPower < deposit.earningPower && (_unclaimedRewards - _requestedTip) < maxBumpTip)
    {
      revert GovernanceStaker__InsufficientUnclaimedRewards();
    }

Otherwise, the call will revert because of an underflow or a custom error. But if the reward is very small, then there is a clear lack of incentives to call this function.

Impact

Some deposits’ earning power will not be updated by bumpers, which can lead to problems in the protocol’s accounting.

Code Snippet

https://github.com/sherlock-audit/2024-11-tally/blob/main/staker/src/GovernanceStaker.sol#L483-L500

Tool used

Manual Review

Recommendation

In order to mitigate this issue, the protocol should implement a function that batches the protocol IDs in order to bump the earning power of many deposits at the same time and share the tip paid proportionally.
@sherlock-admin3 sherlock-admin3 added the Won't Fix The sponsor confirmed this issue will not be fixed label Jan 8, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Won't Fix The sponsor confirmed this issue will not be fixed
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@sherlock-admin3