code-423n4 / 2021-11-vader-findings


DOS in LinearVesting #268

Closed code423n4 closed 2 years ago

code423n4 commented 2 years ago

Handle

hack3r-0m

Vulnerability details

https://github.com/code-423n4/2021-11-vader/blob/main/contracts/tokens/vesting/LinearVesting.sol#L214-L226

1) vestFor allows anyone to vest on anyone's behalf.
2) vestFor allows vesting only once per user ( https://github.com/code-423n4/2021-11-vader/blob/main/contracts/tokens/vesting/LinearVesting.sol#L215-L218 )

So if some user wants to vest 1000 tokens, a malicious actor can vest 1 token on behalf of that user. It will stop the user from vesting 1000 tokens.

This can lead to the protocol being unusable.
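A minimal Solidity model of the pattern this finding describes, next to one possible hardening. It is an added example, not the Vader `LinearVesting` source and not the project's fix. The contract names, the `vested` mapping, the `converter` address and the caller restriction are assumptions; token transfers and the release schedule are left out.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.9;

// Simplified model (hypothetical names), reduced to the bookkeeping that
// the finding is about: one vesting position per user.
contract OpenVesting {
    mapping(address => uint256) public vested; // user => amount under vesting

    error AlreadyVester(address user);

    // Any caller may create the single position allowed for `user`.
    // Once a dust position exists, the user's intended vest reverts
    // with AlreadyVester and cannot be retried.
    function vestFor(address user, uint256 amount) external {
        if (vested[user] != 0) revert AlreadyVester(user);
        vested[user] = amount;
    }
}

// Hardened variant (assumption): only a trusted depositor or the user
// may open the position, so a third party cannot consume the one slot.
contract GuardedVesting {
    mapping(address => uint256) public vested;
    address public immutable converter; // assumed trusted depositor contract

    error AlreadyVester(address user);
    error NotAuthorized(address caller);
    error ZeroAmount();

    constructor(address converter_) {
        converter = converter_;
    }

    function vestFor(address user, uint256 amount) external {
        // The caller check comes first so an unauthorized call can never
        // reach the once-per-user bookkeeping.
        if (msg.sender != converter && msg.sender != user) {
            revert NotAuthorized(msg.sender);
        }
        if (amount == 0) revert ZeroAmount();
        if (vested[user] != 0) revert AlreadyVester(user);
        vested[user] = amount;
    }
}
```

When reviewing similar code, check every function that writes a once-only per-user record for who is allowed to call it with an arbitrary `user` argument.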

SamSteinGG commented 2 years ago

Duplicate of #229