The `raffleStartTime` variable in the constructor of the provided code is assigned the value of `block.timestamp`, which can be manipulated by validators. This introduces a vulnerability where the start time of the raffle can be influenced by validators, potentially affecting the fairness and integrity of the raffle.
The vulnerability stems from the use of `block.timestamp` to assign the value to `raffleStartTime`. The `block.timestamp` is a timestamp provided by validators and can be manipulated to a certain extent. This means that validators have the ability to control the start time of the raffle, which may lead to unfair advantages or manipulation of the raffle process.
The impact of this vulnerability is that validators can potentially manipulate the start time of the raffle, shifting the timing to favor certain participants.
Manual review.
To mitigate the vulnerability and ensure the fairness of the raffle, the following is recommended:
Use an oracle like Chainlink to get the timestamp.