Github username: @bahurum
Submission hash (on-chain): 0x237585fadf9f48a0927a8dc394c515dc1870caa41a96c96dd44d586442969686
Severity: medium
Description:Description\
In TokenLock.revoke() the unvested tokens are sent to the owner and the contract is destroyed afterwards.
The issue is that the unvested tokens are only a part of the total tokens inside the TokenLock, which is a sum of:
unvested tokens
vested tokens that have not been released by the beneficiary yet so are still in the contract. This amount is returned by releasableAmount()
surplusAmount()
Since the contract is destroyed after it is revoked, releasableAmount() + surplusAmount() will be stuck permanently in the TokenLock.
Recommendation\
Consider returning releasableAmount() + surplusAmount() either to the owner or the beneficiary before the contract is destroyed.
Github username: @bahurum Submission hash (on-chain): 0x237585fadf9f48a0927a8dc394c515dc1870caa41a96c96dd44d586442969686 Severity: medium
Description: Description\ In
TokenLock.revoke()
the unvested tokens are sent to the owner and the contract is destroyed afterwards. The issue is that the unvested tokens are only a part of the total tokens inside theTokenLock
, which is a sum of:beneficiary
yet so are still in the contract. This amount is returned byreleasableAmount()
surplusAmount()
Since the contract is destroyed after it is revoked,
releasableAmount() + surplusAmount()
will be stuck permanently in theTokenLock
.Recommendation\ Consider returning
releasableAmount() + surplusAmount()
either to the owner or the beneficiary before the contract is destroyed.To return to the owner:
To return to the beneficiary: