[ShanaBoo] [ Crypto ] Fix integer overflow in TokenVesting calculation for large allocations#4427
Closed
genesisrevelationinc-debug wants to merge 3 commits into
Closed
Conversation
There was a problem hiding this comment.
Pull request overview
Note
Copilot was unable to run its full agentic suite in this review.
This PR attempts to refactor TokenVesting to use OpenZeppelin Ownable/SafeMath and to adjust vesting math + revocation behavior (especially around cliff/unvested calculations).
Changes:
- Switch contract ownership model to OpenZeppelin
Ownable. - Add linear vesting math intended to reduce truncation loss by handling remainder.
- Rework revocation logic to return “unvested minus claimed” tokens to the owner.
Comment on lines
+11
to
+13
| * @dev A token vesting contract that releases tokens linearly over time. | ||
| */ | ||
| contract TokenVesting is Ownable { |
| uint256 public claimed; | ||
| IERC20 public token; | ||
|
|
||
| struct VestingSchedule { |
Comment on lines
+8
to
+16
| IERC20 public token; | ||
| address public beneficiary; | ||
| address public owner; | ||
| * @dev A token vesting contract that releases tokens linearly over time. | ||
| */ | ||
| contract TokenVesting is Ownable { | ||
| using SafeMath for uint256; | ||
|
|
||
| uint256 public totalAllocation; | ||
| uint256 public start; | ||
| uint256 public cliff; | ||
| uint256 public duration; | ||
| uint256 public claimed; | ||
| IERC20 public token; |
Comment on lines
+55
to
+58
| function claim() external { | ||
| require(msg.sender == beneficiary, "Not beneficiary"); | ||
| uint256 amount = claimable(); | ||
| require(amount > 0, "Nothing to claim"); | ||
| claimed += amount; | ||
| token.transfer(beneficiary, amount); | ||
| emit TokensClaimed(beneficiary, amount); | ||
| } | ||
| } | ||
|
|
||
| uint256 elapsed = block.timestamp - schedule.start; |
Comment on lines
+62
to
+65
| uint256 allocationPerDuration = schedule.totalAllocation / schedule.duration; | ||
| uint256 remainder = schedule.totalAllocation % schedule.duration; | ||
|
|
||
| uint256 vested = allocationPerDuration.mul(elapsed); |
Comment on lines
+2
to
+4
| pragma solidity ^0.8.0; | ||
|
|
||
| import "@openzeppelin/contracts/utils/math/SafeMath.sol"; |
| * @dev A token vesting contract that releases tokens linearly over time. | ||
| */ | ||
| contract TokenVesting is Ownable { | ||
| using SafeMath for uint256; |
Contributor
|
Unfortunately the changes in this PR didn't fully resolve the issue. Please rework your solution and submit a new pull request. Make sure to review the acceptance criteria in the linked issue and verify all conditions are met before resubmitting. See CONTRIBUTING.md for guidelines. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
ShanaBoo Autonomous Fix
This PR was automatically generated by ShanaBoo Earn Engine to claim the $350.00 bounty on this issue.
Source: Github | Task: 4454364811
Closes #917
Auto-submitted by ShanaBoo CNS — NVIDIA NIM + Microsoft Agent Framework