Refactor vesting mechanics into external TokenVesting contract

[maraoz]

Currently, vesting of tokens is implemented via the VestedToken token contract.
After reading the Trustless SNT Selling Contract contract, I realized a more elegant solution would be to implement vesting of tokens in the contract holding the tokens, not in the token contract.

I propose moving the vesting mechanics to a new contract, dubbed TokenVesting, which holds tokens, and releases them in time to another address according to a vesting schedule. This takes all the complex vesting mechanics away from the token contract, reducing the potential attack surface.
I think this may be the way to add features to tokens without making their code grow too much: externalizing them to other contracts.

[izqui]

I completely agree with this and was something audits to the Aragon token pointed out after the source code was already locked but decided against modifying it close to the sale.

The only advantage I still see on having the vesting in the token itself is that if a vested holder follows the vesting schedule and only tries to spend their tokens when they can, they won't even experience there was a vesting at all, as they will be able to just interact with the token contract.

What I think would solve this is if the contract that held the tokens and applied the vesting conformed to ERC20 to some extent. This way people could use already existing tools that interact with tokens to transfer the tokens when the time comes, the only difference is that they would need to perform the transfer in the token holding contract instead of the proper token.

[federicobond]

A thousand times yes!

[frangio]

The same mechanism is used by TokenTimelock.

[SylTi]

I would advise completely abstracting the vesting, so you could also make EtherVesting => allow people to slowly release the funds of a crowdsale

[maraoz]

Great idea @SylTi !

[izqui]

I made an EtherToken implementation for Aragon on top of Zeppelin that could easily be incorporated for this purpose https://github.com/aragon/aragon-core/blob/master/contracts/tokens/EtherToken.sol

…

On Fri, Aug 4, 2017, 5:22 PM Manuel Aráoz ***@***.***> wrote: Great idea @SylTi <https://github.com/sylti> ! — You are receiving this because you commented. Reply to this email directly, view it on GitHub <#274 (comment)>, or mute the thread <https://github.com/notifications/unsubscribe-auth/AAbTYJkSxLQJIrOn9DVRSkzFqRgkMY0Mks5sUzdEgaJpZM4ODp1b> .

[maraoz]

Completed in #476