hats-finance / Circles-0x6ca9ca24d78af44582951825bef9eadcb210e5cf

Circles Protocol contracts
https://aboutcircles.com
GNU Affero General Public License v3.0

_calculateIssuance : end of claimable period is one day. But it should be 14 days. #61

Open hats-bug-reporter[bot] opened 1 week ago

hats-bug-reporter[bot] commented 1 week ago

- Github username: --
- Twitter username: --
- Submission hash (on-chain): 0xc81ae5a97854619f816f07c9ca11b60cdaec75599677193887f4b8589d71f203
- Severity: medium

Description

As per the circle documents, once the circle is minted, it can be claimed retroactively within a period of 14 days.

The function _calculateIssuance calculates the number of circles based on the number of hours passed since the last mint or the difference between the current time and 14 days, which is the maximum.

At the end of the function, it returns the following values.

    return (
        Math64x64.mulu(Math64x64.sub(T[n], overcount), EXA),
        // start of the claimable period
        inflationDayZero + dA * 1 days + Math64x64.mulu(k, 1 hours),
        // end of the claimable period
        inflationDayZero + dB * 1 days + 1 days - Math64x64.mulu(l, 1 hours)
    );

https://aboutcircles.github.io/circles-contracts-v2/introduction/#personal-currencies:~:text=Minting%20is%20retroactive%2C%20allowing%20claims%20for%20up%20to%2014%20days%20of%20past%20elapsed%20time.

- Minting is retroactive, allowing claims for up to 14 days of past elapsed time.

This value is emitted in the event. We think that it would be used in the front-end application to restrict the claim period.

As shown above, the function _calculateIssuance just adds one day as the claimable window and returns.

Impact

This deviates from one of the core principles of circle on token claiming.

Attachments

  1. Revised Code File (Optional) As mentioned in the document, update the value to cover the 14 days.

benjaminbollen commented 1 week ago

Thank you for your report on the _calculateIssuance function. After review, we've determined this is not an issue.

The function operates as intended, allowing claims within the specified period. The interpretation in the report appears to be based on a misunderstanding of the function's logic and purpose.

We appreciate your careful examination of our code. While this specific concern is not an issue, your attention to detail contributes to the overall quality of our system. Thank you for your participation in this security review.
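
The arithmetic of the two returned timestamps can be checked off-chain. The following Python model is an added example, not part of either comment and not the Circles contract code. It assumes (none of this is defined on the page) that dA and dB are day indices counted from inflationDayZero, that k is the whole hours of day dA before the claim start, and that l is the hours of day dB not yet completed; the value of INFLATION_DAY_ZERO and the rounding of k and l are constructed for the illustration.

```python
# Added illustration; NOT the Circles contract code. Assumed meanings of the
# page's symbols: dA/dB are day indices from inflationDayZero, k is whole hours
# of day dA before the claim start, l is hours of day dB not yet completed.
HOUR = 3600
DAY = 24 * HOUR
MAX_CLAIM_DURATION = 14 * DAY  # "up to 14 days" from the quoted documentation

INFLATION_DAY_ZERO = 1_600_000_000  # constructed sample value


def day_index(ts):
    """Day number of a timestamp, counted from INFLATION_DAY_ZERO."""
    return (ts - INFLATION_DAY_ZERO) // DAY


def claim_window(last_mint, now):
    """Return (start, end) built with the same two expressions as the snippet."""
    # Claim start: the last mint time, but never more than 14 days back.
    start_mint = max(last_mint, now - MAX_CLAIM_DURATION)
    d_a = day_index(start_mint)
    d_b = day_index(now)
    # k: whole hours elapsed in day dA before start_mint (rounded down).
    k = (start_mint - (INFLATION_DAY_ZERO + d_a * DAY)) // HOUR
    # l: hours of day dB that are not yet complete at `now` (rounded up).
    end_of_day_b = INFLATION_DAY_ZERO + (d_b + 1) * DAY
    l = -(-(end_of_day_b - now) // HOUR)
    # inflationDayZero + dA * 1 days + k * 1 hours
    start = INFLATION_DAY_ZERO + d_a * DAY + k * HOUR
    # inflationDayZero + dB * 1 days + 1 days - l * 1 hours
    end = INFLATION_DAY_ZERO + d_b * DAY + DAY - l * HOUR
    return start, end


def window_hours(last_mint, now):
    """Length of the returned window in whole hours."""
    start, end = claim_window(last_mint, now)
    return (end - start) // HOUR
```

Under these assumptions the window length is (dB - dA + 1) days minus (k + l) hours, so the `+ 1 days` term moves the end to the close of day dB before l hours are subtracted, and the span between the two timestamps is governed by dB - dA.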