Description

The function name totalStaked is used in many other places in the upstream contracts, and all of those other functions define it to mean the total staked quantity — for example, in the SecurityPool contract:

/**
 * @notice returns the total staked amount for use by the rewards pool
 * controlled by this contract
 * @dev shares are used so this contract can rebase without affecting rewards
 * @return total staked amount
 */
function totalStaked() external view override returns (uint256) {
    return totalShares;
}

However, the totalStaked defined in PolygonStrategy returns the total number of active validators:

/**
    * @notice Returns the total number of active validators
    * @dev used by the validator MEV rewards pool
    * @return total number of active validators
*/
function totalStaked() public view returns (uint256) {
    uint256 totalValidators = validators.length;
    if (validatorRemoval.isActive) --totalValidators;
    return totalValidators;
}

Although this is also a uint256, it is a number with fundamentally different meaning and units. So, if it is mistakenly called under the assumption that it returns the quantity that all the other totalStaked view functions return, it can lead to developer confusion and errors.

Impact

These inconsistencies can confuse subsequent code reviews or revisions.

Recommendations

We recommend changing this function name to totalValidators.

Remediation

In addition Stake.link has provided the following response:

Naming is used to conform to the interface expected by the rewards pool.