From 0426d1ce4a847a45ef66b5c4b3c69fff0bb4ded2 Mon Sep 17 00:00:00 2001
From: Keating <keating.dev@protonmail.com>
Date: Thu, 12 Dec 2024 13:48:19 -0500
Subject: [PATCH] Nonce cannot be incremented by depositor

---
 src/extensions/GovernanceStakerOnBehalf.sol |  9 +++++----
 test/GovernanceStakerOnBehalf.t.sol         | 14 ++++++++------
 2 files changed, 13 insertions(+), 10 deletions(-)

diff --git a/src/extensions/GovernanceStakerOnBehalf.sol b/src/extensions/GovernanceStakerOnBehalf.sol
index f3c2f35..844df9a 100644
--- a/src/extensions/GovernanceStakerOnBehalf.sol
+++ b/src/extensions/GovernanceStakerOnBehalf.sol
@@ -255,13 +255,14 @@ abstract contract GovernanceStakerOnBehalf is GovernanceStaker, EIP712, Nonces {
     _revertIfPastDeadline(_deadline);
     Deposit storage deposit = deposits[_depositId];
     bytes32 _claimerHash = _hashTypedDataV4(
-      keccak256(
-        abi.encode(CLAIM_REWARD_TYPEHASH, _depositId, _useNonce(deposit.claimer), _deadline)
-      )
+      keccak256(abi.encode(CLAIM_REWARD_TYPEHASH, _depositId, nonces(deposit.claimer), _deadline))
     );
     bool _isValidClaimerClaim =
       SignatureChecker.isValidSignatureNow(deposit.claimer, _claimerHash, _signature);
-    if (_isValidClaimerClaim) return _claimReward(_depositId, deposit, deposit.claimer);
+    if (_isValidClaimerClaim) {
+      _useNonce(deposit.claimer);
+      return _claimReward(_depositId, deposit, deposit.claimer);
+    }
 
     bytes32 _ownerHash = _hashTypedDataV4(
       keccak256(abi.encode(CLAIM_REWARD_TYPEHASH, _depositId, _useNonce(deposit.owner), _deadline))
diff --git a/test/GovernanceStakerOnBehalf.t.sol b/test/GovernanceStakerOnBehalf.t.sol
index f04c427..2ef56b5 100644
--- a/test/GovernanceStakerOnBehalf.t.sol
+++ b/test/GovernanceStakerOnBehalf.t.sol
@@ -1269,12 +1269,11 @@ contract ClaimRewardOnBehalf is GovernanceStakerRewardsTest {
     uint256 _depositAmount,
     uint256 _durationPercent,
     uint256 _rewardAmount,
-    address _delegatee,
     address _depositor,
     uint256 _currentNonce,
     uint256 _deadline
   ) public {
-    vm.assume(_delegatee != address(0) && _depositor != address(0) && _sender != address(0));
+    vm.assume(_depositor != address(0) && _sender != address(0));
     _claimerPrivateKey = bound(_claimerPrivateKey, 1, 100e18);
     address _claimer = vm.addr(_claimerPrivateKey);
 
@@ -1284,7 +1283,7 @@ contract ClaimRewardOnBehalf is GovernanceStakerRewardsTest {
 
     // A user deposits staking tokens
     (_depositAmount, _depositId) =
-      _boundMintAndStake(_depositor, _depositAmount, _delegatee, _claimer);
+      _boundMintAndStake(_depositor, _depositAmount, address(0x01), _claimer);
     // The contract is notified of a reward
     _mintTransferAndNotifyReward(_rewardAmount);
     // A portion of the duration passes
@@ -1307,10 +1306,12 @@ contract ClaimRewardOnBehalf is GovernanceStakerRewardsTest {
       keccak256(abi.encodePacked("\x19\x01", EIP712_DOMAIN_SEPARATOR, _message));
     bytes memory _signature = _sign(_claimerPrivateKey, _messageHash);
 
+    uint256 _oldDepositorNonce = govStaker.nonces(_depositor);
     vm.prank(_sender);
     govStaker.claimRewardOnBehalf(_depositId, _deadline, _signature);
 
     assertEq(rewardToken.balanceOf(_claimer), _earned);
+    assertEq(govStaker.nonces(_depositor), _oldDepositorNonce);
   }
 
   function testFuzz_ClaimRewardOnBehalfOfDepositor(
@@ -1319,12 +1320,11 @@ contract ClaimRewardOnBehalf is GovernanceStakerRewardsTest {
     uint256 _depositAmount,
     uint256 _durationPercent,
     uint256 _rewardAmount,
-    address _delegatee,
     address _claimer,
     uint256 _currentNonce,
     uint256 _deadline
   ) public {
-    vm.assume(_delegatee != address(0) && _claimer != address(0) && _sender != address(0));
+    vm.assume(_claimer != address(0) && _sender != address(0));
     _depositorPrivateKey = bound(_depositorPrivateKey, 1, 100e18);
     address _depositor = vm.addr(_depositorPrivateKey);
 
@@ -1334,7 +1334,7 @@ contract ClaimRewardOnBehalf is GovernanceStakerRewardsTest {
 
     // A user deposits staking tokens
     (_depositAmount, _depositId) =
-      _boundMintAndStake(_depositor, _depositAmount, _delegatee, _claimer);
+      _boundMintAndStake(_depositor, _depositAmount, address(0x01), _claimer);
     // The contract is notified of a reward
     _mintTransferAndNotifyReward(_rewardAmount);
     // A portion of the duration passes
@@ -1357,10 +1357,12 @@ contract ClaimRewardOnBehalf is GovernanceStakerRewardsTest {
       keccak256(abi.encodePacked("\x19\x01", EIP712_DOMAIN_SEPARATOR, _message));
     bytes memory _signature = _sign(_depositorPrivateKey, _messageHash);
 
+    uint256 _oldClaimerNonce = govStaker.nonces(_claimer);
     vm.prank(_sender);
     govStaker.claimRewardOnBehalf(_depositId, _deadline, _signature);
 
     assertEq(rewardToken.balanceOf(_depositor), _earned);
+    assertEq(govStaker.nonces(_claimer), _oldClaimerNonce);
   }
 
   function testFuzz_ReturnsClaimedRewardAmount(