Closed c4-bot-9 closed 3 months ago
cryptotechmaker (sponsor) confirmed
tapiocadao marked the issue as disagree with severity
dmvt marked the issue as primary issue
dmvt marked issue #111 as primary and marked this issue as a duplicate of 111
dmvt marked the issue as satisfactory
Lines of code
https://github.com/Tapioca-DAO/tap-token/blob/20a83b1d2d5577653610a6c3879dff9df4968345/contracts/tokens/Vesting.sol#L273-L274
Vulnerability details
Description
The vesting contract in tap-token has a feature to release a certain portion of amount directly called initialUnlock.
Here is how it is calculated when querying how much is vested at a point in time, Vesting::_vested:
Unfortunately, there's an issue. The contract simply offsets the start time with the initial __initialUnlockTimeOffset (initialUnlock). Hence at the end of the vesting period, block.timestamp - start can become larger than _duration, vesting a larger amount than intended.
This will reset as soon as the _duration is reached so it requires a user to claim just before the _duration has reached its end.
Impact
Vestors in pools with initialUnlocks will be able to claim more vested than intended. This will impact vestors who claim later as there might not be enough tokens in the contract to cover their withdrawals.
Proof of Concept
Test in tap-token/test/Vesting.t.sol:
Tools Used
Manual audit
Recommended Mitigation Steps
Consider rethinking the method of providing the initialUnlock, if you either want a less steep slope or a non-vesting period until it should start to vest again.
Assessed type
Math
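The arithmetic in the Description, as an added Python model for checking a pool's parameters; it is not the contract's source or the report's test. It assumes no cliff and that the offset equals the time needed to vest the initial unlock at the normal rate; all function names and the two corrected variants are hypothetical illustrations of the two options named in the mitigation.

```python
# Added model of the calculation the report describes; not the contract's source.
# Assumption: no cliff, and the offset equals the time needed to vest the
# initial unlock at the normal linear rate.

def offset_for(duration, unlock_bps):
    return duration * unlock_bps // 10_000

def vested_as_described(total, start, duration, offset, now):
    """Linear vesting with the start shifted back by `offset`."""
    if now < start:
        return 0
    if now >= start + duration:          # the reset the report mentions
        return total
    elapsed = now - (start - offset)     # can exceed `duration` near the end
    return total * elapsed // duration

def vested_capped(total, start, duration, offset, now):
    """Hypothetical fix: same slope, then flat once `total` is reached."""
    return min(total, vested_as_described(total, start, duration, offset, now))

def vested_rescaled(total, start, duration, unlock_bps, now):
    """Hypothetical fix: unlock up front, remainder on a less steep slope."""
    if now < start:
        return 0
    if now >= start + duration:
        return total
    initial = total * unlock_bps // 10_000
    return initial + (total - initial) * (now - start) // duration

def overshoot_window(start, duration, offset):
    """Half-open range of timestamps where shifted elapsed time exceeds duration."""
    if offset <= 0:
        return None
    return (start + duration - offset + 1, start + duration)

def max_overclaim(total, start, duration, offset):
    """Largest excess over `total` the described formula reports (0 if none)."""
    last = start + duration - 1
    return max(0, vested_as_described(total, start, duration, offset, last) - total)

if __name__ == "__main__":
    # Constructed sample pool: 1,000,000 tokens, 1000 s duration, 10% initial unlock.
    total, start, duration, bps = 1_000_000, 1_000, 1_000, 1_000
    off = offset_for(duration, bps)
    print("window:", overshoot_window(start, duration, off))
    print("max overclaim:", max_overclaim(total, start, duration, off))
```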