Severity: high
Valid

The "Horses must be able to be fed at all times" invariant can be broken

Summary

HorseStore.huff contains a critical issue that violates a strict protocol invariant. According to the protocol, "Horses must be able to be fed at all times." However, a condition in the code (0x11 timestamp mod) causes the feeding transaction to revert if the time difference between the current block timestamp and the last fed timestamp is a multiple of 17.

Vulnerability Details

In the feedHorse function, the code includes a check (block.timestamp - horseIdToFedTimeStamp[horseId]) % 17 == 0 before allowing the horse to be fed. This condition leads to a revert if the time difference is a multiple of 17. As a result, the invariant stating that "Horses must be able to be fed at all times" is violated.

Code snippet:

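#define macro FEED_HORSE() = takes (0) returns (0) {
    timestamp               // [timestamp]
    0x04 calldataload       // [horseId, timestamp]
    STORE_ELEMENT(0x00)     // []

    // End execution
    0x11 timestamp mod      // [timestamp % 0x11]
    endFeed jumpi           // [] jumps to endFeed only when the remainder is non-zero
    revert                  // reached when the remainder is zero
    endFeed:
        stop
}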
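
The revert condition in the snippet above, modelled as a small stack machine (an added example, not part of the original submission or the HorseStore code base). It follows the snippet as shown, where the operand of mod is the block timestamp, as in the assigned finding tag; run_tail, blocked_timestamps, PATCHED_TAIL and the sample timestamp are constructed for illustration.

```python
# Added example: models only the tail of FEED_HORSE() shown in the snippet.
# EVM rules used: MOD pops a (top) then b and pushes a % b (0 when b == 0);
# JUMPI pops the destination, then the condition, and jumps when it is non-zero.
ORIGINAL_TAIL = [
    ("PUSH", 0x11), ("TIMESTAMP",), ("MOD",),   # 0x11 timestamp mod
    ("PUSH_LABEL", "endFeed"), ("JUMPI",),      # endFeed jumpi
    ("REVERT",),                                # revert
    ("LABEL", "endFeed"), ("STOP",),            # endFeed: stop
]
# Assumption: with the check removed, the macro simply halts after the store.
PATCHED_TAIL = [("STOP",)]

def run_tail(ops, block_timestamp):
    """Run the modelled opcodes and return 'stop' or 'revert'."""
    labels = {op[1]: i for i, op in enumerate(ops) if op[0] == "LABEL"}
    stack, pc = [], 0
    while pc < len(ops):
        name, *args = ops[pc]
        if name == "PUSH":
            stack.append(args[0])
        elif name == "PUSH_LABEL":
            stack.append(labels[args[0]])
        elif name == "TIMESTAMP":
            stack.append(block_timestamp)
        elif name == "MOD":
            a, b = stack.pop(), stack.pop()
            stack.append(a % b if b else 0)
        elif name == "JUMPI":
            dest, cond = stack.pop(), stack.pop()
            if cond:
                pc = dest
                continue
        elif name == "REVERT":
            return "revert"   # the feed transaction fails
        elif name == "STOP":
            return "stop"     # the feed transaction succeeds
        pc += 1
    return "stop"

def blocked_timestamps(ops, start, count):
    """Timestamps in [start, start + count) at which feeding would revert."""
    return [t for t in range(start, start + count) if run_tail(ops, t) == "revert"]

if __name__ == "__main__":
    start = 1_700_000_000  # constructed sample timestamp (equals 17 * 100_000_000)
    print("original:", blocked_timestamps(ORIGINAL_TAIL, start, 40))
    print("patched: ", blocked_timestamps(PATCHED_TAIL, start, 40))
```
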

Impact

The impact of this issue is significant, as it directly contradicts a fundamental protocol requirement. Users may face unexpected transaction reverts when attempting to feed horses, leading to disruptions in the expected behavior of the smart contract. This could result in confusion and financial losses for users relying on the correct functioning of the feeding mechanism.

Tools Used

Manual code review.

Recommendations

Remove the unnecessary code:

-0x11 timestamp mod
-endFeed jumpi
-revert
-endFeed:
-stop
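
Review bot: the last removed line, -stop, deletes the macro's only halting instruction together with the check. FEED_HORSE() would then end right after STORE_ELEMENT(0x00) with no explicit halt, so execution continues into whatever code follows the point where the macro is expanded. Remove only the 0x11 timestamp mod, endFeed jumpi, revert and endFeed: lines and keep stop as the final instruction of the macro.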
Updates

Lead Judging Commences

inallhonesty Lead Judge over 1 year ago
Submission Judgement Published
Validated
Assigned finding tags:

FEED_HORSE() macro does not allow users to feed a horse if the timestamp is divisible by 17
