DittoETH

Ditto

DeFiFoundryOracle

55,000 USDC

View results

Previous Next

Submission Details

Severity: low

Invalid

Dangerous usage of block.timestamp

kiteweb3

Summary

Dangerous usage of block.timestamp in several functions. block.timestamp can be manipulated by miners.

Vulnerability Details

contracts/libraries/LibOracle.sol#64-110

LibOracle.baseOracleCircuitBreaker(uint256,uint80,int256,uint256,uint256) uses timestamp for comparisons:

- invalidFetchData = roundId == 0 || timeStamp == 0 || timeStamp > block.timestamp || chainlinkPrice <= 0 || block.timestamp > 7200 + timeStamp - line 71-73

- invalidFetchData || priceDeviation - line 81

contracts/libraries/LibOracle.sol#112-126

LibOracle.oracleCircuitBreaker(uint80,uint80,int256,int256,uint256,uint256) uses timestamp for comparisons

- invalidFetchData = roundId == 0 || timeStamp == 0 || timeStamp > block.timestamp || chainlinkPrice <= 0 || baseRoundId == 0 || baseTimeStamp == 0 || baseTimeStamp > block.timestamp || baseChainlinkPrice <= 0 - line 120-123

contracts/libraries/LibOrders.sol#39-57

LibOrders.increaseSharesOnMatch(address,STypes.Order,MTypes.Match,uint88) uses timestamp for comparisons

- timeTillMatch > Constants.MIN_DURATION - line 49

contracts/libraries/LibOrders.sol#891-903

LibOrders.updateOracleAndStartingShortViaTimeBidOnly(address,OF,uint16[]) uses timestamp for comparisons

- oneHourUpdate = oracleFrequency == OF.OneHour && timeDiff >= 3600 - line 897

- fifteenMinuteUpdate = oracleFrequency == OF.FifteenMinutes && timeDiff >= 900 - line 898-899

- oneHourUpdate || fifteenMinuteUpdate - line 900

Impact

The value of block.timestamp can be influenced by miners to a certain degree, so this may have some risk if miners collude on time manipulation to influence the value returned by these functions. This can lead of mismatched values and a wrong function of the protocol.

Tools Used

Slither

Recommendations

It is recommended to follow the 15-second rule, i.e., if the time-dependent event can vary by 15 seconds and maintain integrity, it is safe to use a block.timestamp. If possible, it is recommended to use Oracles.

Updates

Lead Judging Commences

0xnevi Lead Judge

over 1 year ago

0xnevi Lead Judge over 1 year ago

Submission Judgement Published

Invalidated

Reason: Other

kiteweb3 Submitter

over 1 year ago

0xnevi Lead Judge

over 1 year ago

0xnevi Lead Judge over 1 year ago

Submission Judgement Published

Invalidated

Reason: Other

Prize pool breakdown

Total prize

55,000 USDC

nSLOC

3,365

16 USDC / LOC

High Medium

50,000 USDC

Low

5,000 USDC

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.