search

sherlock-audit / 2024-05-tokensoft-distributor-contracts-update-judging

2 stars 1 forks source link

jkoppel - PerAddressContinuousVestingMerkleDistributor.claim always reverts #13

Closed sherlock-admin2 closed 1 month ago

sherlock-admin2 commented 1 month ago

jkoppel

medium

PerAddressContinuousVestingMerkleDistributor.claim always reverts

Summary

PerAddressContinuousVestingMerkleDistributor.claim always reverts

Vulnerability Detail

PerAddressContinuousVestingMerkleDistributor.claim passes in new bytes(0) instead of the (start, cliff, end) parameters of the vesting schedule. However, the recipient of this data attempts to decode it as (uint256, uint256, uint256), and thus always fails.

Impact

People cannot claim token from a PerAddressContinuousVestingMerkleDistributor

There is a separate issue where AdvancedDistributorInitializable ignores its data argument and passes in new bytes(0) as well. However, these two issues are independent.

Code Snippet

From

https://github.com/sherlock-audit/2024-05-tokensoft-distributor-contracts-update/blob/main/contracts/packages/hardhat/contracts/claim/factory/PerAddressContinuousVestingMerkleDistributor.sol#L66C1-L67C1

        uint256 claimedAmount = super._executeClaim(beneficiary, totalAmount, new bytes(0));

This is intended to be forwarded to

https://github.com/sherlock-audit/2024-05-tokensoft-distributor-contracts-update/blob/main/contracts/packages/hardhat/contracts/claim/factory/PerAddressContinuousVestingInitializable.sol#L30C1-L36C1

    function getVestedFraction(
        address beneficiary,
        uint256 time, // time is in seconds past the epoch (e.g. block.timestamp)
        bytes memory data
    ) public view override returns (uint256) {
        (uint256 start, uint256 cliff, uint256 end) = abi.decode(data, (uint256, uint256, uint256));

And hence always reverts

Tool used

Manual Review

Recommendation

Pass an encoding of the vesting schedule along

Duplicate of #11