Submission Details
Severity:
`RapBattle::_battle` and `Streets.unstake` use timestamp for comparisons
Summary
Dangerous usage of block.timestamp for time-based comparisons.
Vulnerability Details
Dangerous comparisons:
- random <= defenderRapperSkill (src/RapBattle.sol#70)
- random < defenderRapperSkill (src/RapBattle.sol#67)
- require(bool,string)(stakes[tokenId].owner == msg.sender,Not the token owner) (src/Streets.sol#39)
- daysStaked >= 1 (src/Streets.sol#50)
- daysStaked >= 2 (src/Streets.sol#54)
- daysStaked >= 3 (src/Streets.sol#58)
- daysStaked >= 4 (src/Streets.sol#62)
- daysStaked >= 1 (src/Streets.sol#68)
Impact
block.timestamp can be manipulated by miners.
Tools Used
Slither
Recommendations
Avoid relying on block.timestamp.
Rewards breakdown
nSLOC
201This contest has a flat reward structure with the following payouts:
100 EXP
20 EXP
2 EXP
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.