Codex [ Crypto ] Fix TokenVesting overflow

[justusaugust]

/claim #917

Fixes #917.

Summary

• Replaces overflow-prone vesting math with OpenZeppelin Math.mulDiv, preserving full-precision linear vesting without an overflowing intermediate product.
• Avoids start + duration overflow in the runtime vesting path by comparing elapsed time to duration.
• Preserves final remainder behavior so the full allocation is claimable at vesting completion.
• Corrects revoke() settlement by separating vested-unclaimed tokens paid to the beneficiary from truly unvested tokens returned to the owner.
• Adds constructor validation, transfer success checks, and claim blocking after revocation.
• Includes safe .audit.json metadata with private runtime instructions redacted rather than leaked.

Verification

• npm test from solidity/ -> 6 passing
• git diff --check -> passed

Tests cover maximum-allocation overflow resistance, remainder completion, sampled linearity within one token unit, full vesting claim, cliff revocation, and post-cliff partial-claim revocation.

Note: Ganache prints a local µWS native-binary fallback warning on this machine; the suite still passes using the JS fallback.

Demo Video

• Short demo video for this PR

[github-actions]

Unfortunately the changes in this PR didn't fully resolve the issue. Please rework your solution and submit a new pull request.

Make sure to review the acceptance criteria in the linked issue and verify all conditions are met before resubmitting. See CONTRIBUTING.md for guidelines.