`VestingWallet` bricked if aggregate of transfers in exceed `type(uint256).max`

If `VestingWallet` receives over `type(uint256).max`, then the function below will revert every time it is called, effectively bricking the vesting wallet.

https://github.com/OpenZeppelin/openzeppelin-contracts/blob/5def3f7c7ef13e06bf868474f258a6e232c9ecec/contracts/finance/VestingWallet.sol#L139-L144

A user can send this value by doing the following:
- Transfer the total supply of a token to the vesting wallet of amount `type(uint256).max`
- Wait for some to vest and claim it
- Transfer the claimed amount back to the vesting wallet

	/**
	* @dev Calculates the amount of tokens that has already vested. Default implementation is a linear vesting curve.
	*/
	function vestedAmount(address token, uint64 timestamp) public view virtual returns (uint256) {
	return _vestingSchedule(IERC20(token).balanceOf(address(this)) + released(token), timestamp);
	}

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

`VestingWallet` bricked if aggregate of transfers in exceed `type(uint256).max` #5793

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

VestingWallet bricked if aggregate of transfers in exceed type(uint256).max #5793

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions

`VestingWallet` bricked if aggregate of transfers in exceed `type(uint256).max` #5793