Hidden Tweed Elephant - Reward can be lost if the Staker withdraws deposit without claiming reward #90
Labels
Won't Fix
The sponsor confirmed this issue will not be fixed
Comments
sherlock-admin3
added
the
Won't Fix
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Hidden Tweed Elephant
High
Reward can be lost if the Staker withdraws deposit without claiming reward
Summary
When the staker deposit he can provide delegatee and claimer address other than himself but when the staker allots someone else as a claimer. He will not know that the claimer has claimed the reward for his deposit or not and if he mistakenly withdraws his stake then it will result in loosing out on rewards.
Vulnerability Detail
When the claimer has not called the reward for the deposit and the staker withdraws the stake then the claimer will loose out on rewards because there is no check which stops the staker from withdrawing its stake before claiming the reward. Suppose there is a reward which is being generated for the deposit which is being staked by the user and user has alloted the reward to some other claimer But because of some conditions user wants to withdraw its stake so he call the withdraw function and it will withdraw his stake and that will make the claimer loose out on rewards which is being generated for the deposit.
Impact
Severity :: HIGH
Likelihood :: MEDIUM
Claimer loosing the rewards because of the stake withdrawal by the staker before claiming the reward
Code Snippet
https://github.com/sherlock-audit/2024-11-tally/blob/main/staker/src/GovernanceStaker.sol#L392-L401
Tool used
Manual Review
Recommendation
Add a check which will check the deposit has the pending reward which should be claimed before withdrawing the stake
The text was updated successfully, but these errors were encountered: