Bug[high]: broken ClaveNameService expiration update #20

@pegahcarter

Description

ClaveNameService.sol has a default domain expiration of 365 days. This value can be updated through setExpirationTime().

The requirement in setExpirationTime() is that the new expiration must be at least block.timestamp + 30 days.

require(expirationTime > block.timestamp + 30 days, '[setExpirationTime] Invalid time.');

Now, expireName() has the following condition:

require(asset.renewals + expiration < block.timestamp, '[expireName] Renewal not over.');

If expiration is set to oldTimestamp + 30 days, the left side of the operation here is oldTimestamp + oldTimestamp + 30 days, meaning that the current block.timestamp must be at least double the oldTimestamp. This condition will never execute to true, leading to never-expiring names.

Suggestion

Modify the setExpirationTime() conditional statement to be within a reasonable range by removing the block.timestamp addition. Additionally, set an upper bound, as setting expiration = type(uint256).max will cause expireName to overflow (unless you want to have the possibility of never-expiring names).
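
The check described in the issue beside a bounded version, as an added sketch that is not the ClaveNameService source. Only the two quoted require() conditions and the 365-day default come from the issue; the compiler version, struct layout, constant names, bound values, and helper functions are assumptions, and access control is left out.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.17; // assumed version; the issue does not state one

// Added illustration. Access control on the setters is omitted for brevity.
contract ExpirationSketch {
    struct NameAsset {
        uint256 renewals; // assumed: timestamp of the last renewal
    }

    // Assumed bounds for a *duration*, chosen for illustration only.
    uint256 public constant MIN_EXPIRATION = 30 days;
    uint256 public constant MAX_EXPIRATION = 3650 days;

    uint256 public expiration = 365 days; // default stated in the issue
    mapping(uint256 => NameAsset) internal assets;

    // As reported: a duration is compared against an absolute timestamp, so
    // every accepted value is larger than the current Unix time.
    function setExpirationTimeAsReported(uint256 expirationTime) external {
        require(expirationTime > block.timestamp + 30 days, '[setExpirationTime] Invalid time.');
        expiration = expirationTime;
    }

    // Bounded: the value is validated as a duration with lower and upper limits,
    // so renewals + expiration stays close to real timestamps.
    function setExpirationTimeBounded(uint256 expirationTime) external {
        require(
            expirationTime >= MIN_EXPIRATION && expirationTime <= MAX_EXPIRATION,
            '[setExpirationTime] Invalid time.'
        );
        expiration = expirationTime;
    }

    // Same condition the issue quotes from expireName(). Under checked
    // arithmetic (0.8+), an oversized `expiration` makes the addition revert.
    function canExpire(uint256 id) public view returns (bool) {
        return assets[id].renewals + expiration < block.timestamp;
    }

    // Hypothetical helper that records a renewal at the current time.
    function renew(uint256 id) external {
        assets[id].renewals = block.timestamp;
    }
}
```

After setExpirationTimeAsReported() accepts a value, canExpire() needs block.timestamp to exceed roughly twice the time of the call; with the bounded setter it becomes true at most MAX_EXPIRATION after the last renewal.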
