Open hats-bug-reporter[bot] opened 2 days ago
the view function calculateIssuance
cannot update state, so if it would base off read but not stored state, it's returned result would be inconsistent with the later mint in personal mint; the stateful function calculateIssuanceWithCheck
exists explicitly for your concern to perform the check, calculate the issuance, but not mint it (as Personal Mint would do)
Github username: -- Twitter username: -- Submission hash (on-chain): 0xc00ffc08600bf4ae418d3d2bba74678ae2b2dddb9df09078d2c62c13f29e1cdb Severity: low
Description: If user signs up in V1 after registering in V2, both the
calculateIssuance()
andlook()
functions start calculating mintable tokens for the user. obviously, the user can't mint in V2 because it would revert due to minting being blocked. If user stops V1 before minting in V2, it would mint zero tokens and start calculating from scratch. The point is that both view functions in V1 and V2 return mintable tokens correctly; however, thecalculateIssuance()
function in V2 should revert zero because these amounts can't be minted by thepersonalMint()
function. The issue arises if third-party protocols rely on thecalculateIssuance()
function in their logic, which might cause a loss of funds or logic errors.Impact\ Potential loss of funds or logic errors for third-party protocols.
POC
V1MintStatusUpdate.t.sol
run with
forge t --mt test_poc -vvv