Inconsistency in the allowed times for claiming

Summary

Vulnerability Detail

There are 2 different vesting types - using tranches or vesting linearly. There is an inconsistency upon the timestamp when a user is allowed to fully claim his tokens between those 2 different types.

Here is when a user is allowed to fully claim his tokens when they are vesting in tranches:

if (time - delay > tranches[i].time) {
                return tranches[i].vestedFraction;
            }

The time value of the tranche must be passed. Here is when a user is allowed to fully claim his tokens when they are vesting linearly:

if (delayedTime >= end) {
            return fractionDenominator;
        }

He can claim them as soon as the end timestamp occurs. This is inconsistent and allows people that are receiving their tokens linearly to actually be able to claim them earlier.

Impact

Inconsistency in the allowed times for claiming

Code Snippet

https://github.com/sherlock-audit/2024-05-tokensoft-distributor-contracts-update/blob/67edd899612619b0acefdcb0783ef7a8a75caeac/contracts/packages/hardhat/contracts/claim/factory/PerAddressTrancheVestingInitializable.sol#L31-L52 https://github.com/sherlock-audit/2024-05-tokensoft-distributor-contracts-update/blob/67edd899612619b0acefdcb0783ef7a8a75caeac/contracts/packages/hardhat/contracts/claim/factory/PerAddressContinuousVestingInitializable.sol#L30-L51

Tool used

Manual Review

Recommendation

Fix the inconsistency by allowing users to claim at the end/time timestamp or after it, depending on your preferences.

sherlock-audit / 2024-05-tokensoft-distributor-contracts-update-judging

samuraii77 - Inconsistency in the allowed times for claiming #27

Inconsistency in the allowed times for claiming

Summary

Vulnerability Detail

Impact

Code Snippet

Tool used

Recommendation