Sandoche

**Name of the Vulnerable Software and Affected Versions** Evmos versions 18.1.0 and earlier **Description** The issue affects users who have funds managed via `ClawbackVestingAccount`, allowing them to delegate tokens that have not yet been vested. This impacts employees and grantees. **Recommendations** For versions 18.1.0 and earlier, update to a newer version that includes the fix, as the current version allows premature token delegation. As a temporary workaround, consider containing the information about this vulnerability to minimize the number of users who know about it and can thus exploit it. There is no effective workaround to fix or remediate this issue without a new release.