PerAddressContinuousVestingMerkleDistributor.claim passes in new bytes(0) instead of the (start, cliff, end) parameters of the vesting schedule. However, the recipient of this data attempts to decode it as (uint256, uint256, uint256), and thus always fails.
Impact
People cannot claim token from a PerAddressContinuousVestingMerkleDistributor
There is a separate issue where AdvancedDistributorInitializable ignores its data argument and passes in new bytes(0) as well. However, these two issues are independent.
function getVestedFraction(
address beneficiary,
uint256 time, // time is in seconds past the epoch (e.g. block.timestamp)
bytes memory data
) public view override returns (uint256) {
(uint256 start, uint256 cliff, uint256 end) = abi.decode(data, (uint256, uint256, uint256));
jkoppel
medium
PerAddressContinuousVestingMerkleDistributor.claim always reverts
Summary
PerAddressContinuousVestingMerkleDistributor.claim always reverts
Vulnerability Detail
PerAddressContinuousVestingMerkleDistributor.claim passes in
new bytes(0)
instead of the (start, cliff, end) parameters of the vesting schedule. However, the recipient of this data attempts to decode it as (uint256, uint256, uint256), and thus always fails.Impact
People cannot claim token from a PerAddressContinuousVestingMerkleDistributor
There is a separate issue where AdvancedDistributorInitializable ignores its data argument and passes in new bytes(0) as well. However, these two issues are independent.
Code Snippet
From
https://github.com/sherlock-audit/2024-05-tokensoft-distributor-contracts-update/blob/main/contracts/packages/hardhat/contracts/claim/factory/PerAddressContinuousVestingMerkleDistributor.sol#L66C1-L67C1
This is intended to be forwarded to
https://github.com/sherlock-audit/2024-05-tokensoft-distributor-contracts-update/blob/main/contracts/packages/hardhat/contracts/claim/factory/PerAddressContinuousVestingInitializable.sol#L30C1-L36C1
And hence always reverts
Tool used
Manual Review
Recommendation
Pass an encoding of the vesting schedule along
Duplicate of #11