search

sherlock-audit / 2024-05-tokensoft-distributor-contracts-update-judging

2 stars 1 forks source link

jkoppel - PerAddressContinuousVestingMerkle.claim always reverts #12

Closed sherlock-admin4 closed 1 month ago

sherlock-admin4 commented 1 month ago

jkoppel

medium

PerAddressContinuousVestingMerkle.claim always reverts

Summary

PerAddressContinuousVestingMerkle.claim always reverts

Vulnerability Detail

PerAddressContinuousVestingMerkle.claim passes in new bytes(0) instead of the (start, cliff, end) parameters of the vesting schedule. However, the recipient of this data attempts to decode it as (uint256, uint256, uint256), and thus always fails.

Impact

People cannot claim token from a PerAddressContinuousVestingMerkle distributor

Code Snippet

From

https://github.com/sherlock-audit/2024-05-tokensoft-distributor-contracts-update/blob/main/contracts/packages/hardhat/contracts/claim/PerAddressContinuousVestingMerkle.sol#L67

    uint256 claimedAmount = _executeClaim(beneficiary, totalAmount, new bytes(0));

Unlike the code in AdvancedDistributorInitializable, AdvancedDistributor._executeClaim correctly forwards this to Distributor._executeClaim, which forwards it to PerAddressContinuousVesting.getVestedFraction, which fails if the data passed is empty

https://github.com/sherlock-audit/2024-05-tokensoft-distributor-contracts-update/blob/main/contracts/packages/hardhat/contracts/claim/abstract/PerAddressContinuousVesting.sol#L25

    function getVestedFraction(
        address beneficiary,
        uint256 time, // time is in seconds past the epoch (e.g. block.timestamp)
    bytes memory data
    ) public view override returns (uint256) {
    (uint256 start, uint256 cliff, uint256 end) = abi.decode(data, (uint256, uint256, uint256));

Tool used

Manual Review

Recommendation

Pass an encoding of the vesting schedule along

Duplicate of #11