Description:
An attacker can exploit the `calculateIssuanceWithCheck()` function to reset a user's Circle mint amount to zero by passing a chosen user address, which updates that user's `lastMintTime` to `block.timestamp`.
This issue arises when a user stops the V1 token after registering in V2, as this changes the V1 status. The `calculateIssuanceWithCheck()` function will then reset the user's `lastMintTime` to `block.timestamp`.
Since the `calculateIssuanceWithCheck()` function lacks access control, anyone can reset any user's `lastMintTime` to `block.timestamp`.
As a result, an attacker could front-run the victim's `personalMint()` transaction and call the `calculateIssuanceWithCheck()` function to reset the victim's claimable Circle tokens to zero.
Impact:
An attacker can reset another user's claimable Circle tokens to zero.
Recommendation:
Consider adding access control to the `calculateIssuanceWithCheck()` function.
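The following is an added example, not the audited contract's code: a simplified model of the pattern described above, with the unrestricted entry point next to one possible hardened form. The contract name, `v1Stopped`, `lastV1Status`, `ISSUANCE_PER_SECOND`, `register()`, `stopV1()` and the `msg.sender == human` rule are all assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Constructed, simplified model. Storage layout, rate and helper names are
// assumptions for illustration; they are not taken from the audited code.
contract IssuanceModel {
    uint256 public constant ISSUANCE_PER_SECOND = 1; // placeholder rate

    mapping(address => uint256) public lastMintTime;
    mapping(address => bool) public v1Stopped;     // stand-in for the V1 token status
    mapping(address => bool) private lastV1Status; // status recorded at the last check

    error CallerNotHuman();

    function register() external { lastMintTime[msg.sender] = block.timestamp; }

    function stopV1() external { v1Stopped[msg.sender] = true; }

    // State-changing check: when the V1 status differs from the recorded one,
    // lastMintTime is moved to the current block time.
    function _checkV1Status(address human) internal {
        if (v1Stopped[human] != lastV1Status[human]) {
            lastV1Status[human] = v1Stopped[human];
            lastMintTime[human] = block.timestamp;
        }
    }

    // Claimable amount accrues from lastMintTime; zero right after a reset.
    function calculateIssuance(address human) public view returns (uint256) {
        return (block.timestamp - lastMintTime[human]) * ISSUANCE_PER_SECOND;
    }

    // Pattern from the report: no caller restriction, so any account can
    // trigger the lastMintTime write for an arbitrary `human`.
    function calculateIssuanceWithCheckUnrestricted(address human) external returns (uint256) {
        _checkV1Status(human);
        return calculateIssuance(human);
    }

    // Hardened variant (one assumed form of "access control"): only the
    // account itself may trigger the state-changing check on its record.
    function calculateIssuanceWithCheck(address human) external returns (uint256) {
        if (msg.sender != human) revert CallerNotHuman();
        _checkV1Status(human);
        return calculateIssuance(human);
    }
}
```

Third parties that only need to read the accrued amount can use the `view` function `calculateIssuance()`, which writes no state.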
Github username: -- Twitter username: -- Submission hash (on-chain): 0x46275bc3271effce3a562559ad93bf742205104921807ff52f75ea876402167d Severity: medium