Late Execution Due to Sequencer Timestamp Delay and network congestion
Summary
The SantasList smart contract faces a potential late execution of its collectPresent function, primarily due to the combination of sequencer timestamp delay and network congestion on the Arbitrum network.
https://docs.arbitrum.io/for-devs/concepts/differences-between-arbitrum-ethereum/block-numbers-and-time
Vulnerability Details
The documentation and the code are not precise/ contradictory about the exact date where the collectPresent can be called, from the doc:
In the contract:
In the SantasList contract, the collectPresent function relies on block.timestamp to check if it's Christmas 2023 yet.
But on Arbitrum, the sequencer, which orders transactions, can set block timestamps within a 24-hour range.
This flexibility, combined with potential network congestion, could lead to delays in transaction processing.
During busy periods, if the sequencer sets a block's timestamp at the earlier end of its range, users might find themselves unable to use collectPresent on Christmas Day. They would be blocked by the contract thinking it's still not Christmas, based on the timestamp.
Impact
This issue could prevent users from claiming their presents at the expected time, causing frustration and diminishing trust in the contract's reliability.
Tools Used
Analysis of Arbitrum network features and block.timestamp handling.
Recommendations
Manual Control Option: Introduce a way for a trusted admin to activate collectPresent manually, especially useful in case of network issues or timing mismatches.
Rewards breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.