Incorrect Christmas 2023 Block Time Allows Early Calling of `collectPresent` Function
Summary
The collectPresent function can be called before Christmas 2023 due to a discrepancy between the block timestamp condition and the actual Christmas 2023 block time.
Vulnerability Details
The contract has a condition in the collectPresent function to prevent calls before Christmas 2023:
However, the CHRISTMAS_2023_BLOCK_TIME is set to Thursday, December 22, 2022, 10:33:01 UTC, which is not the expected Christmas date. This allows users to call the collectPresent function even before the actual Christmas date.
Impact
Users can exploit the contract by calling the collectPresent function before the intended Christmas date, leading to undesired behavior and potentially affecting the distribution of presents.
Tools used
Manual review
Recommendations
The CHRISTMAS_2023_BLOCK_TIME should be set to the actual expected Christmas date in 2023, ensuring that the collectPresent function can only be called within the specified time frame.
Rewards breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.