Broken hard cap for whitelisted investors #18
Description
When a whitelisted investor is making a purchase the cap invariant check is skipped. This will allow a big whale investor to buy much more tokens than intended to be offered and put the whole crowd sale in jeopardy.
Test to demonstrate this bug:
it('whitelisted big whale investor should not exceed the cap', async function () {
const cap = (await crowdsale.cap());
const overCap = cap.mul(2);
await crowdsale.addToWhitelist(investor);
await crowdsale.buyTokens(investor, {value: overCap, from: investor}).should.be.rejectedWith(EVMThrow);
const balance = await token.balanceOf(investor);
const raised = await crowdsale.weiRaised();
balance.should.be.bignumber.equal(0);
raised.should.be.bignumber.most(cap);
})