The error logical operator && for the condition exist at _checkOwnerOrManager
Summary
_checkOwnerOrManager have a error logical operator &&, this cause _checkOwnerOrManager check invalid and don't revoke Unvested.
Vulnerability Detail
The _checkOwnerOrManager function appears to have a logical error in its conditional statement. The use of the logical AND (&&) operator suggests that the function will only revert if msg.sender is not equal to both _owner() and _manager() simultaneously. However, considering that an address cannot be both the owner and the manager at the same time, this logical condition will always evaluate to false.
iberry
high
The error logical operator && for the condition exist at _checkOwnerOrManager
Summary
_checkOwnerOrManager have a error logical operator &&, this cause _checkOwnerOrManager check invalid and don't revoke Unvested.
Vulnerability Detail
The _checkOwnerOrManager function appears to have a logical error in its conditional statement. The use of the logical AND (&&) operator suggests that the function will only revert if msg.sender is not equal to both _owner() and _manager() simultaneously. However, considering that an address cannot be both the owner and the manager at the same time, this logical condition will always evaluate to false.
https://github.com/sherlock-audit/2024-01-rio-vesting-escrow/blob/main/rio-vesting-escrow/src/VestingEscrow.sol#L246-L250
Impact
Medium
Code Snippet
Tool used
Manual Review
Recommendation
if (msg.sender != _owner() || msg.sender != _manager()) { revert NOT_OWNER_OR_MANAGER(msg.sender); }
Duplicate of #75