Open hats-bug-reporter[bot] opened 1 week ago
Thank you for your report on the calculateIssuanceWithCheck function. After careful review, we've determined this is not an issue.
The function's ability to update the lastMintTime is intentional and does not pose a security risk. Updates only occur in response to specific actions in the v1 Hub contract, which are controlled by the user themselves. This design allows for necessary synchronization between v1 and v2 states.
We appreciate your thorough examination of our contract interactions. Your attention to potential security implications contributes to the robustness of our system. Thank you for your valuable input in this security review.
Github username: --
Twitter username: --
Submission hash (on-chain): 0x09bee11ff3e981710710d713ff8f1c32dc63230113deb9489f02b13b0af76465
Severity: medium
Description:
The function `calculateIssuanceWithCheck` is external, and anyone can call it and update the following state variables. The other state variable which is updated due to this is `_mintV1Status` of circle.

Attack Scenario
A malicious user can call this function and update the `lastMintTime`. When a good user has minted their circle long before and is waiting to mint, the malicious user can call and update this `lastMintTime`.
In circle, the mint is based on the hours, which are calculated using the `lastMintTime` and the number of hours passed since then. This will impact the amount of circle minted to the user.
Allow only the msg.sender who is human to call this function.