search

sherlock-audit / 2024-05-tokensoft-distributor-contracts-update-judging

2 stars 1 forks source link

nfmelendez - PerAddressTrancheVestingMerkleDistributor claim will always revert #19

Closed sherlock-admin2 closed 1 month ago

sherlock-admin2 commented 1 month ago

nfmelendez

high

PerAddressTrancheVestingMerkleDistributor claim will always revert

Summary

claim method in PerAddressTrancheVestingMerkleDistributor is sending empty data instead of tranches data to _executeClaim method and will always fail because claimableAmount will be 0 in DistributorInitializable#_executeClaim when execute claim.

Vulnerability Detail

PerAddressTrancheVestingMerkleDistributor#claim is sending empty data to _executeClaim method as parameter instead of tranches data so the PerAddressTrancheVestingInitializable#getVestedFraction will always return 0 and that makes DistributorInitializable#getClaimableAmount return 0 that will make claimableAmount equal 0 in DistributorInitializable#_executeClaim and will revert when require(claimableAmount > 0, "..."); in DistributorInitializable#_executeClaim.

Impact

PerAddressTrancheVestingMerkleDistributor is broken, Users can't claim because will always revert with message "Distributor: no more tokens claimable right now"

Code Snippet

claim method in PerAddressTrancheVestingMerkleDistributor is sending empty data to _executeClaim

https://github.com/sherlock-audit/2024-05-tokensoft-distributor-contracts-update/blob/main/contracts/packages/hardhat/contracts/claim/factory/PerAddressTrancheVestingMerkleDistributor.sol#L62

Always revert in require(claimableAmount > 0, "..."); :

https://github.com/sherlock-audit/2024-05-tokensoft-distributor-contracts-update/blob/main/contracts/packages/hardhat/contracts/claim/factory/DistributorInitializable.sol#L75-L76

Tool used

Manual Review

Recommendation

Claim function should be pretty much like PerAddressTrancheVestingMerkle#claim

  function claim(
    uint256 index, 
    address beneficiary,
    uint256 totalAmount,
    Tranche[] calldata tranches, //@audit add tranches data here
    bytes32[] calldata merkleProof
  )
    external
    validMerkleProof(keccak256(abi.encodePacked(index, beneficiary, totalAmount, abi.encode(tranches))), merkleProof) //@audit verify tranches here
    nonReentrant
  {

    bytes memory data = abi.encode(tranches); //@audit decode tranches here 
    uint256 claimedAmount = _executeClaim(beneficiary, totalAmount, data);
    _settleClaim(beneficiary, claimedAmount);
  }

Duplicate of #11