Anyone can directly changevesting_start_time
to a far future timestamp,this will block the claiming process and thus locking all the tokens.
Having vesting_start_time
and vesting_end_time
public storage variables, they can be updated by anyone.
Hackers are able to set vesting_start_time
to a very far future date. There is a check here that checks if current time is greater than vesting_start_time
and reverts if current time is less than vesting_start_time
. This block all the claims until the start_time has reached.
The following test demonstrates this.
No one can claim the tokens.
Mocasin tests
Set vesting_start_time
and vesting_end_time
to private. This prevents anyone from upating them.
The contest is live. Earn rewards by submitting a finding.
This is your time to appeal against judgements on your submissions.
Appeals are being carefully reviewed by our judges.