Open hats-bug-reporter[bot] opened 2 weeks ago
Thank you for your report on the migration mechanism for V1 Circles tokens. After review, we've determined this is not an issue.
The design intentionally does not allow registration in V2 solely based on holding V1 tokens. An invitation is the preferred method for most registrations to ensure a well-connected graph. However, the system remains open and permissionless, with multiple ways for users to register in V2.
We appreciate your attention to the migration process and user accessibility. Your observation helps clarify the intentional design of our registration system. Thank you for your contribution to this security review.
Github username: -- Twitter username: -- Submission hash (on-chain): 0x20a685a40c7b6bb7df06e8a13b6b0401b5246c1f6208436368a9d954cb60d860 Severity: low
Description: Description
The current migration mechanism design contains a serious flaw that may prevent some V1 Circles token holders from migrating their tokens to the V2 system. The specific issues are as follows:
The migrate function in the Hub V2 contract requires users to be registered in the system to migrate tokens.
The conditions for users to register in Hub V2 are:
a) Being invited to join, or
b) Owning a stopped V1 Circles contract.
However, there are users who may have acquired V1 Circles tokens through direct transfers, airdrops, or secondary markets, but have never registered in Hub V1.
These users, although holding legitimate V1 tokens, cannot register in Hub V2 due to not meeting the above registration conditions, and therefore cannot perform the migration operation.
This design flaw may result in some users' assets being trapped in the V1 system, unable to benefit from the new features and advantages of the V2 system, thus affecting user rights and the overall development of the project.
Remediation Suggestions