AdvancedDistributorInitializable is sending 0 bytes to decode which causes DOS
Summary
Impact : PerAddressContinuousVestingMerkleDistributor and PerAddressTrancheVestingMerkleDistributor vesting beneficiaries can never claim their tokens. Even if data is passed from claim(), the internal call AdvancedDistributorInitializable._executeClaim makes them 0.
Vulnerability Detail
Claiming from PerAddressContinuousVestingMerkleDistributor and PerAddressTrancheVestingMerkleDistributor contracts is not possible due to two reasons
In PerAddressContinuousVestingMerkleDistributor.claim() itself, the data is sent zero in L67 below, so it will revert on L38 below on PerAddressTrancheVestingInitializable.getVestedFraction()
But even if it fixed, the L38 below reverts due to L113 below on AdvancedDistributorInitializable._executeClaim, because AdvancedDistributorInitializable is inherited by PerAddressContinuousVestingMerkleDistributor.
PerAddressContinuousVestingMerkleDistributor and PerAddressTrancheVestingMerkleDistributor vesting beneficiaries can never claim their tokens. Even if data is passed from claim(), the internal call AdvancedDistributorInitializable._executeClaim makes them 0.
Ironsidesec
medium
AdvancedDistributorInitializable is sending 0 bytes to decode which causes DOS
Summary
Impact :
PerAddressContinuousVestingMerkleDistributor
andPerAddressTrancheVestingMerkleDistributor
vesting beneficiaries can never claim their tokens. Even if data is passed fromclaim()
, the internal callAdvancedDistributorInitializable._executeClaim
makes them 0.Vulnerability Detail
Claiming from
PerAddressContinuousVestingMerkleDistributor
andPerAddressTrancheVestingMerkleDistributor
contracts is not possible due to two reasonsIn
PerAddressContinuousVestingMerkleDistributor.claim()
itself, the data is sent zero in L67 below, so it will revert on L38 below onPerAddressTrancheVestingInitializable.getVestedFraction()
But even if it fixed, the L38 below reverts due to L113 below on
AdvancedDistributorInitializable._executeClaim
, becauseAdvancedDistributorInitializable
is inherited byPerAddressContinuousVestingMerkleDistributor
.So fixing 1 doesn't fix the other or vice versa.
https://github.com/sherlock-audit/2024-05-tokensoft-distributor-contracts-update/blob/67edd899612619b0acefdcb0783ef7a8a75caeac/contracts/packages/hardhat/contracts/claim/factory/PerAddressTrancheVestingInitializable.sol#L38
https://github.com/sherlock-audit/2024-05-tokensoft-distributor-contracts-update/blob/67edd899612619b0acefdcb0783ef7a8a75caeac/contracts/packages/hardhat/contracts/claim/factory/PerAddressContinuousVestingMerkleDistributor.sol#L66
https://github.com/sherlock-audit/2024-05-tokensoft-distributor-contracts-update/blob/67edd899612619b0acefdcb0783ef7a8a75caeac/contracts/packages/hardhat/contracts/claim/factory/AdvancedDistributorInitializable.sol#L112
Impact
PerAddressContinuousVestingMerkleDistributor
andPerAddressTrancheVestingMerkleDistributor
vesting beneficiaries can never claim their tokens. Even if data is passed fromclaim()
, the internal callAdvancedDistributorInitializable._executeClaim
makes them 0.Code Snippet
https://github.com/sherlock-audit/2024-05-tokensoft-distributor-contracts-update/blob/67edd899612619b0acefdcb0783ef7a8a75caeac/contracts/packages/hardhat/contracts/claim/factory/AdvancedDistributorInitializable.sol#L112
Tool used
Manual Review
Recommendation
https://github.com/sherlock-audit/2024-05-tokensoft-distributor-contracts-update/blob/67edd899612619b0acefdcb0783ef7a8a75caeac/contracts/packages/hardhat/contracts/claim/factory/AdvancedDistributorInitializable.sol#L112
Duplicate of #11