Summary

The contract's constructor lacks a check to ensure that vesting_end_time is set after vesting_start_time. If these values are equal or vesting_end_time is earlier, the vesting duration calculation results in a division by zero error, rendering the contract inoperable.

Vulnerability Details

In the _calculate_vested_amount function, the vesting duration is calculated as end_time - start_time. If end_time is not greater than start_time, this results in a duration of zero, leading to a division by zero when computing the linear vesting portion. This error causes all claim transactions to revert, preventing users from claiming tokens.

Impact

If the contract is deployed with invalid vesting times, the entire vesting mechanism fails. Users cannot claim any tokens, and the contract's functionality is permanently impaired. The owner can rescue tokens, but the primary purpose of the contract is defeated.

Tools Used

Manual code review.

Recommendations

Add a validation check in the constructor to ensure vesting_end_time is strictly greater than vesting_start_time: