hats-finance / illuminex-0x0bb4aa1f58719707405c231fcdf0b405714799cf


RotatingKeys : `ringKeyUpdateInterval` is not enforced #61

Open hats-bug-reporter[bot] opened 3 months ago

hats-bug-reporter[bot] commented 3 months ago

Github username: --

Twitter username: --

Submission hash (on-chain): 0x3673a3a79ac0946d44da8830e72cee3f8e24f3e45e2b1c344a1c769cc54a2212

Severity: low

Description:

RotatingKeys is an abstract contract which is used by the VaultBitcoinWallet contract.

The first ring key is updated during contract creation, and after that, whenever a deposit is made, the _updateRingKey function is called internally from the VaultBitcoinWallet contract and the key is updated.

_onActionDeposit - _updateKey.

We noticed a state variable declared in the RotatingKeys contract which is set to 1 day.

    uint256 public ringKeyUpdateInterval = 1 days;

Also, we noticed that the function _updateRingKey tracks the time using _lastRingKeyUpdate whenever the key is updated.

RotatingKeys.sol#L20-L29

    function _updateRingKey(bytes32 _entropy) internal {
        bytes32 newKey = bytes32(Sapphire.randomBytes(32, abi.encodePacked(_entropy)));

        uint newIndex = _ringKeys.length;
        _ringKeys.push(newKey);

        _lastRingKeyUpdate = block.timestamp; // <-- refer here

        emit ActualRingKeyRenewed(newIndex);
    }

But nowhere in the contract is the ringKeyUpdateInterval enforced to update the key.

Impact:

We think that the key is updated with respect to some time limit. This has been missed in the current code.

  1. Revised Code File (Optional)

We would suggest handling the key update based on the ringKeyUpdateInterval.

party-for-illuminati commented 3 months ago

It isn't needed
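For reference, a sketch of what gating rotation on `ringKeyUpdateInterval` would look like, as discussed in the report above. This is an added example, not code from the illuminex repository: `IntervalGatedRotatingKeys`, `_freshKey`, `_updateRingKeyIfDue` and `RotationHarness` are hypothetical names, and the key source is abstracted so the file compiles without the Sapphire library.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

// Added illustration: ring key rotation gated on ringKeyUpdateInterval.
abstract contract IntervalGatedRotatingKeys {
    event ActualRingKeyRenewed(uint256 newIndex);

    uint256 public ringKeyUpdateInterval = 1 days;

    bytes32[] internal _ringKeys;
    uint256 internal _lastRingKeyUpdate;

    // Hypothetical hook. The contract quoted in the report derives the key with
    // Sapphire.randomBytes(32, abi.encodePacked(_entropy)).
    function _freshKey(bytes32 _entropy) internal virtual returns (bytes32);

    // Rotates only when no key exists yet or the interval has elapsed.
    // Returns true if a new key was pushed, false if the current key was kept.
    function _updateRingKeyIfDue(bytes32 _entropy) internal returns (bool) {
        bool due = _ringKeys.length == 0 ||
            block.timestamp >= _lastRingKeyUpdate + ringKeyUpdateInterval;
        if (!due) {
            return false; // skip silently so the calling deposit does not revert
        }

        uint256 newIndex = _ringKeys.length;
        _ringKeys.push(_freshKey(_entropy));
        _lastRingKeyUpdate = block.timestamp;

        emit ActualRingKeyRenewed(newIndex);
        return true;
    }
}

// Constructed harness for local testing: deterministic stub, NOT a secure key source.
contract RotationHarness is IntervalGatedRotatingKeys {
    function _freshKey(bytes32 _entropy) internal view override returns (bytes32) {
        return keccak256(abi.encodePacked(_entropy, _ringKeys.length));
    }

    // Stands in for the deposit path that triggers rotation.
    function deposit(bytes32 entropy) external returns (bool) {
        return _updateRingKeyIfDue(entropy);
    }

    function ringKeyCount() external view returns (uint256) {
        return _ringKeys.length;
    }
}
```

With this gate, a second `deposit` inside the same 24-hour window returns `false` and leaves `ringKeyCount()` unchanged, whereas the function quoted in the report pushes a new key on every call.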