Frequently bumping to increase earning power may eat depositor rewards

[CergyK]

Description

The bump mechanism is intended to incentivize keepers to update depositors earning power in exchange for a fee. We can see that in the case the earning power is increased, the keeper can take the whole rewards intended for the depositor :

GovernanceStaker.sol#L489-L491:

    if (_newEarningPower > deposit.earningPower && _unclaimedRewards < _requestedTip) {
        revert GovernanceStaker__InsufficientUnclaimedRewards();
    }

The only constraint is that _requestedTip should be lower than maxBumpTip.

GovernanceStaker.sol#L473:

    if (_requestedTip > maxBumpTip) revert GovernanceStaker__InvalidTip();

This behavior may be expected and may not be a problem with the current implementation of calculator BinaryBinaryEligibilityOracleEarningPowerCalculator, but future implementations may have a more continuous formula for earning power which would result in the ability to bump earning power more frequently.

Impact

Depositor rewards are stolen by keepers

Recommendation

Multiple mitigations may envisioned:

• Design _isQualifiedForBump calculation in the calculator in order to rate limit bumping
• Limit bump tip to a fraction of rewards in the increase case

[alexkeating]

Will document

[CergyK]

Documented in withtally/staker#90