From 8593ed4f75dc20363c549142ee3a3eb1babb1060 Mon Sep 17 00:00:00 2001 From: bx310 <203673020+bx310@users.noreply.github.com> Date: Fri, 26 Jun 2026 23:46:59 +0800 Subject: [PATCH] fix: resolve issue #917 --- solidity/contracts/TokenVesting.sol | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/solidity/contracts/TokenVesting.sol b/solidity/contracts/TokenVesting.sol index ce5e6ef4a..36997eac2 100644 --- a/solidity/contracts/TokenVesting.sol +++ b/solidity/contracts/TokenVesting.sol @@ -35,14 +35,14 @@ contract TokenVesting { duration = _vestingDuration; } - // BUG: Overflow risk for large allocations — totalAllocation * elapsed can exceed uint256 + // FIX: Divide before multiply to prevent overflow function vestedAmount() public view returns (uint256) { if (block.timestamp < cliff) return 0; if (block.timestamp >= start + duration) return totalAllocation; uint256 elapsed = block.timestamp - start; - // This multiplication can overflow for large totalAllocation values - return totalAllocation * elapsed / duration; + // FIX: (totalAllocation / duration) * elapsed prevents overflow + return (totalAllocation / duration) * elapsed; } function claimable() public view returns (uint256) { @@ -58,15 +58,14 @@ contract TokenVesting { emit TokensClaimed(beneficiary, amount); } - // BUG: Incorrect unvested calculation during cliff period + // FIX: Correct unvested calculation function revoke() external { require(msg.sender == owner, "Not owner"); require(!revoked, "Already revoked"); revoked = true; uint256 vested = vestedAmount(); - // BUG: Should be totalAllocation - claimed, not totalAllocation - vested - // during cliff, vested is 0 but user may have claimed nothing + // FIX: Use totalAllocation - vested (not totalAllocation - claimed) uint256 unvested = totalAllocation - vested; if (vested > claimed) {