stake.link

stake.link
DeFiHardhatBridge
27,500 USDC
View results
Submission Details
Severity: medium
Invalid

Timestamp Dependence

The use of block.timestamp in the _updateLock function for time-based comparisons can be problematic because miners can manipulate the timestamp to a certain degree. This manipulation could affect the logic that checks if a lock's expiry time has passed or if a new locking duration is valid.

Problematic Code:

if ((_lock.expiry == 0 || _lock.expiry > block.timestamp) && _lockingDuration < _lock.duration) {
revert InvalidLockingDuration();
}

To mitigate this risk, consider using block numbers for duration-based logic or an external time oracle for precise timestamps. Document the choice and ensure that the potential for minor timestamp manipulation is acceptable given the contract's use case.

Updates

Lead Judging Commences

0kage Lead Judge over 1 year ago
Submission Judgement Published
Invalidated
Reason: Too generic

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.