The contract's constructor lacks a check to ensure that vesting_end_time is set after vesting_start_time. If these values are equal or vesting_end_time is earlier, the vesting duration calculation results in a division by zero error, rendering the contract inoperable.
In the _calculate_vested_amount function, the vesting duration is calculated as end_time - start_time. If end_time is not greater than start_time, this results in a duration of zero, leading to a division by zero when computing the linear vesting portion. This error causes all claim transactions to revert, preventing users from claiming tokens.
If the contract is deployed with invalid vesting times, the entire vesting mechanism fails. Users cannot claim any tokens, and the contract's functionality is permanently impaired. The owner can rescue tokens, but the primary purpose of the contract is defeated.
Manual code review.
Add a validation check in the constructor to ensure vesting_end_time is strictly greater than vesting_start_time:
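A Python model of the failure and of the recommended check, added here as an example and not the audited contract's code. The Vesting class, the validate flag, the claim_outcomes helper and the exact linear formula are assumptions made for illustration; only the equal-times case is modelled for the unchecked constructor.

```python
# Constructed model of the vesting logic described in this finding.
# Names and the linear formula are assumptions, not the audited source.

class Revert(Exception):
    """Stands in for a reverted transaction."""


class Vesting:
    def __init__(self, total, vesting_start_time, vesting_end_time, validate):
        # Recommended constructor check: end must be strictly after start.
        if validate and vesting_end_time <= vesting_start_time:
            raise Revert("vesting_end_time must be after vesting_start_time")
        self.total = total
        self.start_time = vesting_start_time
        self.end_time = vesting_end_time
        self.claimed = 0

    def _calculate_vested_amount(self, now):
        duration = self.end_time - self.start_time
        elapsed = max(0, min(now, self.end_time) - self.start_time)
        # Linear portion: divides by duration, which is zero when start == end.
        return self.total * elapsed // duration

    def claim(self, now):
        try:
            vested = self._calculate_vested_amount(now)
        except ZeroDivisionError:
            raise Revert("division by zero in vesting calculation")
        claimable = vested - self.claimed
        self.claimed = vested
        return claimable


def claim_outcomes(contract, times):
    """Return the amount claimed at each timestamp, or 'revert'."""
    outcomes = []
    for now in times:
        try:
            outcomes.append(contract.claim(now))
        except Revert:
            outcomes.append("revert")
    return outcomes


if __name__ == "__main__":
    broken = Vesting(1000, 100, 100, validate=False)  # deploys with start == end
    print(claim_outcomes(broken, [50, 100, 500]))
    fixed = Vesting(1000, 100, 200, validate=True)
    print(claim_outcomes(fixed, [50, 150, 200, 300]))
```

With the check enabled, a deployment with equal or reversed times fails in the constructor instead of producing a contract whose every claim reverts.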