The use of block.timestamp in the _updateLock function for time-based comparisons can be problematic because miners can manipulate the timestamp to a certain degree. This manipulation could affect the logic that checks if a lock's expiry time has passed or if a new locking duration is valid.
Problematic Code:
To mitigate this risk, consider using block numbers for duration-based logic or an external time oracle for precise timestamps. Document the choice and ensure that the potential for minor timestamp manipulation is acceptable given the contract's use case.
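One way to express the block-number approach suggested above, as an added example that is not the audited contract's code. The contract, function, error and constant names are hypothetical, and the duration bounds are constructed values that assume a 12-second block interval.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Added illustration only; not the audited contract. All names are hypothetical.
contract BlockNumberLock {
    struct Lock {
        uint256 amount;
        uint256 expiryBlock; // expiry stored as a block height, not a timestamp
    }

    // Constructed bounds: about 7 days and 365 days at an assumed 12 s block interval.
    uint256 public constant MIN_DURATION_BLOCKS = 50_400;
    uint256 public constant MAX_DURATION_BLOCKS = 2_628_000;

    mapping(address => Lock) public locks;

    error DurationOutOfRange(uint256 durationBlocks);
    error WouldShortenLock(uint256 currentExpiry, uint256 newExpiry);
    error StillLocked(uint256 expiryBlock);

    /// Create or extend the caller's lock (bookkeeping only; token transfer omitted).
    function updateLock(uint256 addedAmount, uint256 durationBlocks) external {
        if (durationBlocks < MIN_DURATION_BLOCKS || durationBlocks > MAX_DURATION_BLOCKS) {
            revert DurationOutOfRange(durationBlocks);
        }
        Lock storage l = locks[msg.sender];
        uint256 newExpiry = block.number + durationBlocks;
        // An active lock may be extended but never shortened.
        if (l.expiryBlock > block.number && newExpiry < l.expiryBlock) {
            revert WouldShortenLock(l.expiryBlock, newExpiry);
        }
        l.amount += addedAmount;
        l.expiryBlock = newExpiry;
    }

    /// Expiry check compares block heights, so it does not read block.timestamp.
    function isExpired(address account) public view returns (bool) {
        return block.number >= locks[account].expiryBlock;
    }

    /// Clear the caller's lock once its expiry block has been reached.
    function release() external returns (uint256 amount) {
        Lock storage l = locks[msg.sender];
        if (block.number < l.expiryBlock) revert StillLocked(l.expiryBlock);
        amount = l.amount;
        delete locks[msg.sender];
    }
}
```

Durations expressed in blocks only map to wall-clock time through the chain's block interval, so the constants need to be set per deployment target and documented alongside the choice.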