The sellProfits function in the "Fees" contract sets the swap deadline using block.timestamp, which is the timestamp (Unix time) of the block in which the transaction is mined. This design exposes the contract to potential manipulation of the deadline time by miners, undermining the reliability of time-sensitive operations.
The vulnerability lies in setting the swap deadline using block.timestamp in the sellProfits function:
By using block.timestamp to set the deadline, the contract allows miners to influence the deadline by controlling the block timestamp when they include the transaction in a block. Miners can manipulate the block timestamp within certain limits, leading to unreliable deadline enforcement for time-sensitive operations like token swaps.
The manipulation of the deadline time by miners can affect the accuracy and security of token swaps. If miners purposefully include transactions in blocks with manipulated timestamps or if there are significant network delays, users may not receive the expected amount of WETH due to changes in the market prices of the tokens being swapped. This can lead to slippage and cause unexpected financial outcomes for users, resulting in potential losses.
Manual
Use block.number instead of block.timestamp.
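An added Solidity sketch, not code from the Fees contract or the contest repository, showing why a deadline read from block.timestamp at execution time never expires, next to a caller-supplied deadline (a different mitigation from the block.number suggestion above). MockRouter, FeesSketch, their signatures and the 1:1 rate are assumptions; the router is assumed to compare the deadline with block.timestamp when the swap executes.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration. MockRouter, FeesSketch and every signature below are
// assumptions; none of this is the audited contract's code.
contract MockRouter {
    error Expired(uint256 deadline, uint256 nowTs);

    // Assumed router behaviour: the deadline is compared with the timestamp
    // of the block that executes the swap, not the time the user signed.
    function swap(uint256 amountIn, uint256 amountOutMin, uint256 deadline)
        external
        view
        returns (uint256 amountOut)
    {
        if (block.timestamp > deadline) revert Expired(deadline, block.timestamp);
        amountOut = amountIn; // constructed 1:1 rate, pricing is out of scope
        require(amountOut >= amountOutMin, "slippage");
    }
}

contract FeesSketch {
    MockRouter public immutable router;

    constructor(MockRouter router_) {
        router = router_;
    }

    // Pattern from the finding: the deadline is read inside the executing
    // block, so the router compares block.timestamp with itself. The check
    // passes in whichever block includes the transaction, however late.
    function sellProfitsAtExecutionTime(uint256 amountIn, uint256 minOut)
        external
        view
        returns (uint256)
    {
        return router.swap(amountIn, minOut, block.timestamp);
    }

    // Alternative: the caller fixes the deadline off-chain before signing.
    // A transaction included after that moment reverts with Expired.
    function sellProfitsWithDeadline(uint256 amountIn, uint256 minOut, uint256 deadline)
        external
        view
        returns (uint256)
    {
        return router.swap(amountIn, minOut, deadline);
    }
}
```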