The adjust function in the smart contract has a vulnerability that allows the total claimable tokens for a beneficiary to be adjusted without verifying whether the new total is greater than or equal to the previously claimed amount. As a result, some users may experience reverted claim functions even when they have sufficient claimable tokens.
Vulnerability Detail
The issue arises when the function decreases the claimable tokens. It fails to check whether the new total (after adjustment) is less than the previously claimed amount. Consequently, this can negatively impact users who attempt to redeem their tokens.
Impact
Users with enough token to claim based on the calculation by the claimable function are unable to claim tokens even though they have enough claimable tokens.
Based on the code implementation a users total can be adjusted by owner but this fails to check if the beneficiary's claimed amount is more than the new total.
Therefore,
The total amount to be claimed by all users 1,000,000.
user B has claimed 10,000. out of his 12,000 initial total.
owner calls to reduce beneficiary's total to 9,000.
user B will not be able to claim again HAS claimable amount will be 0
but this line shows that
token.safeTransfer(owner(), diff);
The difference is transferred out of the entire pool's total.
this will negatively affect another user let say user Z. who is the last to redeem because 8000 token will be available
Bigsam
medium
Vulnerability/Limitation in
adjustFunctionSummary
The
adjustfunction in the smart contract has a vulnerability that allows the total claimable tokens for a beneficiary to be adjusted without verifying whether the new total is greater than or equal to the previously claimed amount. As a result, some users may experience reverted claim functions even when they have sufficient claimable tokens.Vulnerability Detail
The issue arises when the function decreases the claimable tokens. It fails to check whether the new total (after adjustment) is less than the previously claimed amount. Consequently, this can negatively impact users who attempt to redeem their tokens.
Impact
Users with enough token to claim based on the calculation by the claimable function are unable to claim tokens even though they have enough claimable tokens.
Based on the code implementation a users total can be adjusted by owner but this fails to check if the beneficiary's claimed amount is more than the new total. Therefore,
The total amount to be claimed by all users 1,000,000.
user B has claimed 10,000. out of his 12,000 initial total.
owner calls to reduce beneficiary's total to 9,000.
user B will not be able to claim again HAS claimable amount will be 0
but this line shows that
The difference is transferred out of the entire pool's total.
and his total claimable amount is 9000 .
Code Snippet
https://github.com/sherlock-audit/2024-05-tokensoft-distributor-contracts-update/blob/main/contracts/packages/hardhat/contracts/claim/abstract/AdvancedDistributor.sol#L111-L140 https://github.com/sherlock-audit/2024-05-tokensoft-distributor-contracts-update/blob/main/contracts/packages/hardhat/contracts/claim/PerAddressContinuousVestingMerkle.sol#L69 https://github.com/sherlock-audit/2024-05-tokensoft-distributor-contracts-update/blob/main/contracts/packages/hardhat/contracts/claim/PerAddressTrancheVestingMerkle.sol#L66 https://github.com/sherlock-audit/2024-05-tokensoft-distributor-contracts-update/blob/main/contracts/packages/hardhat/contracts/claim/abstract/Distributor.sol#L89-L97
Tool used
Manual Review
Recommendation
To address this vulnerability: