hats-finance / Circles-0x6ca9ca24d78af44582951825bef9eadcb210e5cf

Circles Protocol contracts
https://aboutcircles.com
GNU Affero General Public License v3.0

calculateIssuanceWithCheck : anyone can call this function and update the `lastMintTime` #62

Open hats-bug-reporter[bot] opened 1 week ago

hats-bug-reporter[bot] commented 1 week ago

Github username: --
Twitter username: --
Submission hash (on-chain): 0x09bee11ff3e981710710d713ff8f1c32dc63230113deb9489f02b13b0af76465
Severity: medium

Description

function calculateIssuanceWithCheck(address _human) external returns (uint256, uint256, uint256) {
    // check if v1 Circles is known to be stopped and update status
    _checkHumanV1CirclesStatus(_human);
    // calculate issuance for the human avatar, but don't mint
    return _calculateIssuance(_human);
}

The function calculateIssuanceWithCheck is external, so anyone can call it and update the following state variables.

        mintTime.mintV1Status = _mintV1Status;
        mintTime.lastMintTime = uint96(block.timestamp);

The other state variable that is updated as a result is the _mintV1Status of the circle.

Attack Scenario

A malicious user can call this function and update the lastMintTime. When a good user minted their circle long ago and is waiting to mint again, the malicious user can call the function and update this lastMintTime.

In Circles, the mint is based on hours, which are calculated from the lastMintTime and the number of hours that have passed since then.

This will impact the amount of circles minted to the user.

1. Revised Code File (Optional)

Allow only the msg.sender who is the human to call this function.
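The following contract is an added illustration of the restriction the report proposes (caller must be the human whose checkpoint is updated); it is not the Circles contract or code from the project. The MintTime layout, the V1_STOPPED sentinel, the v1Stopped mapping standing in for the v1 Hub lookup, the flat ISSUANCE_PER_HOUR rate, the "only write when the status changes" branch and the three return values are all assumptions made for the example.

```solidity
// SPDX-License-Identifier: AGPL-3.0-only
pragma solidity ^0.8.20;

/// Hypothetical illustration of the access restriction suggested in the report:
/// only the human avatar itself may trigger the status check that overwrites
/// its own lastMintTime. NOT the Circles contract; struct layout, v1-status
/// source, issuance rate and return values are assumed for the example.
contract IssuanceCheckExample {
    struct MintTime {
        address mintV1Status; // assumed: address-typed marker of the v1 Circles status
        uint96 lastMintTime;  // timestamp of the last issuance checkpoint
    }

    /// assumed sentinel meaning "v1 Circles known to be stopped"
    address internal constant V1_STOPPED = address(0x1);
    /// assumed flat issuance rate: 1 token (18 decimals) per whole hour
    uint256 internal constant ISSUANCE_PER_HOUR = 1e18;

    mapping(address => MintTime) public mintTimes;
    /// assumed stand-in for the v1 Hub "is this human's v1 Circles stopped" lookup
    mapping(address => bool) public v1Stopped;
    /// assumed trusted party allowed to record v1 stop status in this example
    address public immutable v1StatusReporter;

    error OnlyHumanItself(address caller, address human);
    error OnlyReporter(address caller);

    constructor(address _reporter) {
        v1StatusReporter = _reporter;
    }

    /// Example-only way to feed the v1 status into the contract.
    function setV1Stopped(address _human, bool _stopped) external {
        if (msg.sender != v1StatusReporter) revert OnlyReporter(msg.sender);
        v1Stopped[_human] = _stopped;
    }

    /// Restricted variant of the reported function: the caller must be the
    /// human whose checkpoint may be rewritten by the status check.
    function calculateIssuanceWithCheck(address _human)
        external
        returns (uint256 issuance, uint256 startHour, uint256 endHour)
    {
        if (msg.sender != _human) revert OnlyHumanItself(msg.sender, _human);
        // check if v1 Circles is known to be stopped and update status
        _checkHumanV1CirclesStatus(_human);
        // calculate issuance for the human avatar, but don't mint
        return _calculateIssuance(_human);
    }

    /// Mirrors the two state writes quoted in the report. The "only when the
    /// status changed" branch is an assumption of this example.
    function _checkHumanV1CirclesStatus(address _human) internal {
        address status = v1Stopped[_human] ? V1_STOPPED : address(0);
        MintTime storage mintTime = mintTimes[_human];
        if (mintTime.mintV1Status != status) {
            mintTime.mintV1Status = status;
            mintTime.lastMintTime = uint96(block.timestamp);
        }
    }

    /// Issuance is proportional to whole hours elapsed since lastMintTime,
    /// which is why any unexpected reset of that timestamp changes the amount.
    function _calculateIssuance(address _human)
        internal
        view
        returns (uint256 issuance, uint256 startHour, uint256 endHour)
    {
        MintTime storage mintTime = mintTimes[_human];
        startHour = uint256(mintTime.lastMintTime) / 1 hours;
        endHour = block.timestamp / 1 hours;
        issuance = (endHour - startHour) * ISSUANCE_PER_HOUR;
    }
}
```

The only difference from the quoted function is the first line of calculateIssuanceWithCheck: a revert when msg.sender is not _human, so the timestamp checkpoint can be moved only by the account it belongs to.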

benjaminbollen commented 1 week ago

Thank you for your report on the calculateIssuanceWithCheck function. After careful review, we've determined this is not an issue.

The function's ability to update the lastMintTime is intentional and does not pose a security risk. Updates only occur in response to specific actions in the v1 Hub contract, which are controlled by the user themselves. This design allows for necessary synchronization between v1 and v2 states.

We appreciate your thorough examination of our contract interactions. Your attention to potential security implications contributes to the robustness of our system. Thank you for your valuable input in this security review.