VestingWallet#registerVestingSchedule registers the vesting schedule and
assumes the _depositor will transfer tokens to vest. If this second implied transaction
does not occur or it transfers fewer tokens than the vesting schedule defines, some token
recipients will be unable to withdraw funds.
Impact: Potential loss of funds
Feasibility: High, can occur due to poor internal communication.
Mitigation: Redesign this into an approval flow where a vesting schedule does not become
valid/active until a corresponding deposit is made (or there already exists an appropriate
deposit).
VestingWallet#registerVestingScheduleregisters the vesting schedule and assumes the _depositor will transfer tokens to vest. If this second implied transaction does not occur or it transfers fewer tokens than the vesting schedule defines, some token recipients will be unable to withdraw funds.Impact: Potential loss of funds
Feasibility: High, can occur due to poor internal communication.
Mitigation: Redesign this into an approval flow where a vesting schedule does not become valid/active until a corresponding deposit is made (or there already exists an appropriate deposit).