Token Distribution Security Audit

We were tasked with auditing the vesting token implementation by Sheesha Finance meant to be repurposed for multiple projects.

The vesting system operates by authorizing withdrawals via ECDSA cryptographic signatures using an owner-granted authorization role and nonce-based signature validation system.

Over the course of the audit we identified certain misbehaviours that can manifest as well best practices that can be applied to the codebase to further enhance the security level it attains.

Additionally, the configurational variables of each repurposed vesting implementation are not set at the base contract, leading to code duplication as well as input sanitization not being consistent across the contracts. We advise the assignments to be relocated to the respective base contracts to render input sanitization greatly simpler.

During the audit, we filtered and validated a total of 1 findings utilizing static analysis tools as well as identified a total of 20 findings during the manual review of the codebase. We strongly recommend that any minor severity or higher findings are dealt with promptly prior to the project's launch as they introduce potential misbehaviours of the system as well as exploits.

The list below covers each segment of the audit in depth and links to the respective chapter of the report:

• 💻 Compilation
• 🔍 Static Analysis
• 👁️ Manual Review
• 🖋️ Code Style