    function getVestedFraction(address beneficiary, uint256 time, bytes memory data) public view override returns (uint256) {
        Tranche[] memory tranches = abi.decode(data, (Tranche[]));
        uint256 delay = getFairDelayTime(beneficiary);
        for (uint256 i = tranches.length; i != 0;) {
            unchecked {
                --i;
            }
            if (time - delay > tranches[i].time) {
                return tranches[i].vestedFraction;
            }
        }
        return 0;
    }
As seen, the data parameter is utilised; however, it will be passed as bytes(0), meaning it will not function as intended and will be incorrectly decoded, leading to a revert.
Impact
The inability to pass the data parameter into _executeClaim will cause the function to not work as intended, breaking functionality.
BiasedMerc
medium
AdvancedDistributorInitializable::_executeClaim() doesn't allow to pass custom data parameter
Summary
AdvancedDistributorInitializable::_executeClaim() does not allow a custom data parameter to be passed, which will lead to reverts when inherited.
Vulnerability Detail
AdvancedDistributorInitializable::_executeClaim()
The data field when calling super._executeClaim is set to new bytes(0).
PerAddressTrancheVestingInitializable inherits AdvancedDistributorInitializable and contains the following PerAddressTrancheVestingInitializable::getVestedFraction() function:
As seen, the data parameter is utilised; however, it will be passed as bytes(0), meaning it will not function as intended and will be incorrectly decoded, leading to a revert.
Impact
The inability to pass the data parameter into _executeClaim will cause the function to not work as intended, breaking functionality.
Code Snippet
AdvancedDistributorInitializable::_executeClaim() PerAddressTrancheVestingInitializable::getVestedFraction()
Tool used
Manual Review
Recommendation
Do not set the data parameter to bytes(0) and instead utilise the passed data parameter, e.g.:
AdvancedDistributorInitializable::_executeClaim()
Duplicate of #11
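To make the failure concrete, the following added example (not code from the audited repository or from the report's author) shows a decode of the same shape as getVestedFraction() reverting on an empty payload and succeeding once the caller's data is forwarded. The contract name, the claim* and encodeOneTranche function names, and the uint128 field widths of Tranche are assumptions; the fair-delay term is omitted.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added illustration. Only Tranche, its two field names and getVestedFraction
// come from the report; every other name here is hypothetical.
contract TrancheDecodeDemo {
    // Field names are taken from the snippet in the report; the widths are assumed.
    struct Tranche {
        uint128 time;
        uint128 vestedFraction;
    }

    // Same decode-and-scan shape as getVestedFraction(), without the delay term.
    function getVestedFraction(uint256 time, bytes memory data) public pure returns (uint256) {
        Tranche[] memory tranches = abi.decode(data, (Tranche[]));
        for (uint256 i = tranches.length; i != 0;) {
            unchecked {
                --i;
            }
            if (time > tranches[i].time) {
                return tranches[i].vestedFraction;
            }
        }
        return 0;
    }

    // "Before": the caller's data is dropped and an empty payload is forwarded.
    // Decoding a dynamic array needs at least the 32-byte offset word, so the
    // abi.decode above reverts on every call made through this path.
    function claimWithEmptyData(uint256 time, bytes memory /* data */) external pure returns (uint256) {
        return getVestedFraction(time, new bytes(0));
    }

    // "After": the caller's data reaches the decoder unchanged.
    function claimWithForwardedData(uint256 time, bytes memory data) external pure returns (uint256) {
        return getVestedFraction(time, data);
    }

    // Builds a well-formed payload holding one tranche, for trying both paths.
    function encodeOneTranche(uint128 time, uint128 vestedFraction) external pure returns (bytes memory) {
        Tranche[] memory tranches = new Tranche[](1);
        tranches[0] = Tranche(time, vestedFraction);
        return abi.encode(tranches);
    }
}
```

Passing the output of encodeOneTranche(100, 5000) with time 200 to claimWithForwardedData returns 5000, while the same arguments to claimWithEmptyData revert.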