DeFiHardhat
12,000 USDC
View results
Submission Details
Severity: low
Invalid

Lack of sanity check for `lastTimestamp`

Summary

_getDeltaTimestamp() function could potentially underflow if lastTimestamp is greater than block.timestamp.

Vulnerability Details

The _getDeltaTimestamp() function calculates the difference between the current block timestamp and the lastTimestamp stored in the contract:

_getDeltaTimestamp ()

function _getDeltaTimestamp(uint40 lastTimestamp) internal view returns (uint256 _deltaTimestamp) {
return uint256(uint40(block.timestamp) - lastTimestamp); // @audit Possible underflow
}

Under normal circumstances, block.timestamp should always be greater than or equal to lastTimestamp because block.timestamp represents the current time, and lastTimestamp should logically be a time in the past when the last relevant action occurred.

However, if the lastTimestamp is set to a future time (a time greater than block.timestamp), the subtraction uint40(block.timestamp) - lastTimestamp would cause an underflow.

Impact

All functions that rely on this function to calculate the deltaTimestamp such as readTwaReserves(), readInstantaneousReserves() etc would therefore revert and halt execution.

Tools Used

Manual Review

Recommendations

Add a require statement to ensure that lastTimestamp is not greater than the current block.timestamp.

function _getDeltaTimestamp(uint40 lastTimestamp) internal view returns (uint256 _deltaTimestamp) {
require(block.timestamp >= lastTimestamp, "Invalid lastTimestamp: future timestamp"); // @audit Sanity check
return uint256(uint40(block.timestamp) - lastTimestamp);
}
Updates

Lead Judging Commences

giovannidisiena Lead Judge about 1 year ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement
Assigned finding tags:

Informational/Invalid

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.