Submission Details
Severity:
`LibDibbler.L2_BLOCK_TIME` might be incorrect for some L2 networks.
Github link
Summary
The LibDibbler contract uses 2 seconds block time for L2 but it might be incorrect for some L2 networks including Arbitrum.
Vulnerability Details
The LibDibbler contract sets L2_BLOCK_TIME as 2 seconds and uses it in morningTemperature().
File: LibDibbler.sol
41: uint256 private constant L2_BLOCK_TIME = 2;
152: function morningTemperature() internal view returns (uint256) {
153: AppStorage storage s = LibAppStorage.diamondStorage();
154: uint256 delta = block.number.sub(s.sys.season.sunriseBlock).mul(L2_BLOCK_TIME).div(
155: L1_BLOCK_TIME
156: );
While checking a documentation, there is no detailed information about the L2 network.
Some Ethereum L2 networks like Optimism have 2 seconds block time but Arbitrum has 0.26 seconds.
Impact
morningTemperature() might work wrongly with an incorrect block time.
Tools Used
Manual Review
Recommendations
We should set a correct block time for the L2 network deployed.
Updates
Lead Judging Commences
inallhonesty 11 months ago
Submission Judgement Published Reason: Design choice
Assigned finding tags:
L2_BLOCK_TIME hardcoded to 2 seconds is not right for most L2's
Appeal created
inallhonesty 11 months ago
Submission Judgement Published Assigned finding tags:
L2_BLOCK_TIME hardcoded to 2 seconds is not right for most L2's
Prize pool breakdown
Total prize
250,000 USDC
nSLOC
12,28520 USDC / LOC
220,000 USDC
10,000 USDC
20,000 USDC
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.