Closed: sherlock-admin closed 9 months ago
Similar to #57, once recipients claim tokens, they are free to delegate and allow delegatees to vote, no issue here. In your second test, recipient user 1 claims 1 ether, so the contract has 9 ether of voting power left, so the delegatee should also have 9 ether of voting power, no issue here.
itsabinashb
medium
VestingEscrow::Unauthorised voting
Summary
After a vesting period ends the recipient can claim tokens, but the current logic still considers users as recipients even after they have claimed their tokens. As a result they can vote, although the voting power is not incremented if the user claims all of the tokens.
Vulnerability Detail
The claim() function of the VestingEscrow.sol contract allows a recipient to claim tokens after the vesting period ends. But there is no logic which invalidates the user after claiming the tokens. As a result he can vote even a long time after claiming. Actually it is not profitable for the user if he claims all tokens, but if he claims some amount of tokens and then votes, he can potentially increase the voting power of the delegatee, which should not be possible. We can verify this with a test: just comment out this and this line of the TestUtil.sol contract, create a test file in the test folder and paste this test case in that file:

The result:
Here we can see that if the recipient withdraws all tokens then he can't increase the voting power, but he can claim a minimum amount of tokens and use the rest of the tokens to increase the voting power of the delegatee. Replace the above test function with this test function:
Here the recipient claimed 1 ether. The result of this test is:
You can see how the user increased the voting power of the delegatee.
Impact
Users can vote even after claiming tokens.
Code Snippet
Tool used
Manual Review, Foundry
Recommendation
Invalidate the user so that he can't vote after claiming.