Submission Details
Severity:
In the _calculate_vested_amount function, calculations for small vested amounts may round down to zero.
Summary
The _calculate_vested_amount function is used to calculate the amount of tokens that have vested (been granted) at a given time during a vesting period. The function takes one parameter, total_amount, which represents the total number of tokens to be vested.
Vulnerability Details
in lines
instant_release: uint256 = (total_amount * 31) // 100
linear_vesting: uint256 = (total_amount * 69) // 100
vested = instant_release + (linear_vesting * elapsed) // vesting_duration
Parameters instant_release linear_vesting for small amount can be round down to zero.
Impact
The vestedcan be wrong
Tools Used
manual review
Recommendations
Add threshold
def _calculate_vested_amount(total_amount: uint256) -> uint256:
"""
"""
current_time: uint256 = block.timestamp
start_time: uint256 = self.vesting_start_time
end_time: uint256 = self.vesting_end_time
vested: uint256 = 0
if current_time >= end_time:
return total_amount
vesting_duration: uint256 = end_time - start_time
elapsed: uint256 = current_time - start_time
instant_release: uint256 = (total_amount * 31) // 100
linear_vesting: uint256 = (total_amount * 69) // 100
vested = instant_release + (linear_vesting * elapsed) // vesting_duration
# Define a minimum threshold value to prevent rounding to zero
min_threshold: uint256 = 1 # Adjust as needed
if vested < min_threshold and vested > 0:
vested = min_threshold
return vested
Updates
Appeal created
bube 6 months ago
Submission Judgement Published Assigned finding tags:
Rounding issue in vesting calculation
Rewards breakdown
nSLOC
127This contest has a flat reward structure with the following payouts:
100 EXP
20 EXP
2 EXP
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.