Vesting Contract

Issue 01

Description

The owner of the contract can call addInvestor, which adds an address to the vesting contract. Because the vesting contract mints tokens for each investor, the team can use this ability to mint tokens.

Recommendation

Our recommendation is to transfer the ownership to a timelock contract in order to delay the execution of such methods, or to mint all tokens beforehand and remove the minting functionality from the vesting contract.

Issue 02

Description

This function calculates the amount of unlocked tokens for an investor.

Recommendation

Consider making this function public so that investors have a way to get the amount of tokens unlocked.

Issue 03

Description

isFinalized is unused.

Recommendation

Remove unused variables and functions from the code to save on gas fees and storage.

Issue 04

Description

The function withdrawTokens mints tokens for the investor.

Recommendation

Consider adding a sanity check in this function that verifies the investor didn't withdraw more than the initial allocation.

Issue 05

Description

startTime is not accurate since the starting time is _initialTimeStamp.

Recommendation

Consider changing the return value in getInvestorStartTime to the initial timestamp.

Issue 06

Description

The variable _totalAllocatedAmount is not used in the code, and is declared as private.

Recommendation

Consider making it public.

Issue 07

Description

getInitialTimestamp is not called in the contract.

Recommendation

Consider declaring it external to save on gas fees.

Issue 08

Description

    require(
        investor.withdrawnTokens <= investor.tokensAllotment,
        "withdrawTokens: investor has already withdrawn all available balance"
    );

This require statement should make sure the withdrawn amount of tokens is strictly lower than the allotment (<), not lower than or equal to it (<=).
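The recommendations of Issue 04 and Issue 08 can be combined in one withdrawal path. The sketch below is an added example, not the audited contract's code: it assumes a pre-minted token balance held by the vesting contract (so nothing is minted) and a simple linear schedule, and every name other than withdrawTokens, withdrawnTokens and tokensAllotment is hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

interface IERC20 { function transfer(address to, uint256 amount) external returns (bool); }

// Added sketch, not the audited contract. withdrawTokens, withdrawnTokens and
// tokensAllotment come from the report; every other name is an assumption.
contract VestingSketch {
    struct Investor {
        uint256 tokensAllotment;
        uint256 withdrawnTokens;
    }

    IERC20 public immutable token; // pre-minted supply held here, nothing is minted
    uint256 public immutable start; // assumed linear schedule; the report gives none
    uint256 public immutable duration;
    mapping(address => Investor) public investors;

    constructor(IERC20 token_, uint256 start_, uint256 duration_,
                address[] memory who, uint256[] memory allotments) {
        require(duration_ > 0 && who.length == allotments.length, "bad config");
        token = token_;
        start = start_;
        duration = duration_;
        for (uint256 i = 0; i < who.length; i++) { investors[who[i]].tokensAllotment = allotments[i]; }
    }

    // Public view, so investors can read their unlocked amount directly.
    function unlockedTokens(address who) public view returns (uint256) {
        uint256 allotment = investors[who].tokensAllotment;
        if (block.timestamp <= start) return 0;
        uint256 elapsed = block.timestamp - start;
        return elapsed >= duration ? allotment : (allotment * elapsed) / duration;
    }

    function withdrawTokens() external {
        Investor storage investor = investors[msg.sender];
        // Strict "<": an investor whose withdrawals equal the allotment is rejected.
        require(
            investor.withdrawnTokens < investor.tokensAllotment,
            "withdrawTokens: investor has already withdrawn all available balance"
        );
        uint256 amount = unlockedTokens(msg.sender) - investor.withdrawnTokens;
        require(amount > 0, "withdrawTokens: nothing unlocked yet");
        investor.withdrawnTokens += amount;
        // Sanity check: cumulative withdrawals must never exceed the allocation.
        require(investor.withdrawnTokens <= investor.tokensAllotment, "withdrawTokens: over allotment");
        require(token.transfer(msg.sender, amount), "withdrawTokens: transfer failed");
    }
}
```

With `<=` in the first require, an investor with withdrawnTokens equal to tokensAllotment would pass the guard and only be stopped by later logic; with `<` the guard itself fails with the intended message.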

General Notes

  1. Consider adding a function that will return useful data for investors in one call - for example, total allocation, amount of unlocked tokens, next unlock time, end of cliff timestamp and end of vesting timestamp.

  2. From our experience, investors don't expect vesting contracts to mint tokens. This can create a scenario where less tech-savvy users won't understand the tokenomics and why tokens keep being minted from different contracts. We strongly recommend minting all vested tokens before vesting starts and simply distributing them in the vesting contract.

  3. Consider adding a way to edit vesting data before vesting starts (when not initialized).
