From 7100e30bed890e476d2fdadfa54311b43335acfa Mon Sep 17 00:00:00 2001
From: Manuel Araoz
Date: Mon, 29 May 2017 17:52:19 -0300
Subject: [PATCH] Implement VestedToken bug mitigation #3
---
 contracts/token/VestedToken.sol | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/contracts/token/VestedToken.sol b/contracts/token/VestedToken.sol
index 34feee6da..8adfb691d 100644
--- a/contracts/token/VestedToken.sol
+++ b/contracts/token/VestedToken.sol
@@ -8,6 +8,9 @@ import "./LimitedTransferToken.sol";
 * @dev Tokens that can be vested for a group of addresses.
 */
 contract VestedToken is StandardToken, LimitedTransferToken {
+
+ uint256 MAX_GRANTS_PER_ADDRESS = 20;
+
 struct TokenGrant {
 address granter; // 20 bytes
 uint256 value; // 32 bytes
@@ -45,6 +48,8 @@ contract VestedToken is StandardToken, LimitedTransferToken {
 throw;
 }
+ if (tokenGrantsCount(_to) > MAX_GRANTS_PER_ADDRESS) throw; // To prevent a user being spammed and have his balance locked (out of gas attack when calculating vesting).
+
 uint count = grants[_to].push(
 TokenGrant(
 _revokable ? msg.sender : 0, // avoid storing an extra 20 bytes when it is non-revokable
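Review bot: `MAX_GRANTS_PER_ADDRESS` is declared as an ordinary state variable, so the limit lives in a storage slot and each check against it pays for a storage read. Nothing in the visible hunks writes to it, so `uint256 constant MAX_GRANTS_PER_ADDRESS = 20;` would fix the value at compile time and rule out a later change that silently alters the limit. A one-line comment above it, such as `// Upper bound on grants per address; keeps the vesting calculation's loop within the gas limit`, would tie the number to the mitigation named in the commit subject.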
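Review bot: The new guard compares with `>` and runs before the `push`, so an address that already holds exactly MAX_GRANTS_PER_ADDRESS grants passes and receives one more, making the effective cap 21 rather than 20. This assumes `tokenGrantsCount` returns the current length of `grants[_to]`; it is defined outside this hunk. `if (tokenGrantsCount(_to) >= MAX_GRANTS_PER_ADDRESS) throw;` enforces the stated limit. The cap bounds the gas of the vesting calculation but does not stop third parties from using up a recipient's grant slots, which would block later legitimate grants to that address; if the function has no caller restriction (not visible here), that residual risk belongs in the comment. The enclosing function starts and ends outside the hunk.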