Qkyrie
commented
6 years ago We chose not to mitigate risk 3 “Recovering from an accidental over deposit”, as the only risk in it would be us having a bit more work. The fixes to this problem would also impose some extra computation, which we chose not to develop.
Synopsis: When registering a vesting schedule and subsequently performing a corresponding deposit, funds that are deposited over the sum of all existing vesting schedules become inaccessible. Recovering those funds requires a new vesting schedule for the extraneous amount to be created then calling VestingWallet#endVesting to recover the funds.
Impact: Temporary locking of funds with reconciliation workflow possibly leading to additional user input mistakes.
Feasibility: High, can occur with simple typo.
Mitigation: Implement a method that explicitly balances the deposit amount to match the sum of all vesting schedules, refunding the remainder to the owner of the vesting wallet in order to reduce the complexity of recovering from over-deposit and mitigate further mistakes. This audit