Submission Details
Severity:
Block time is hardcoded to 2 seconds which is wrong for different L2s
Summary
Block time is hardcoded to 2 seconds. It's true for Optimism stack, but wrong for Arbitrum for example or Polygon zkEVM. On Arbitrum there are 3-4 blocks per second.
Vulnerability Details
It uses block time to calculate morning temperature and as a result always overestimates delta on Arbitrum:
function morningTemperature() internal view returns (uint256) {
AppStorage storage s = LibAppStorage.diamondStorage();
uint256 delta = block.number.sub(s.sys.season.sunriseBlock).mul(L2_BLOCK_TIME).div(
L1_BLOCK_TIME
);
...
}
Impact
Temperature is incorrectly calculated on L2s with different block time.
Tools Used
Manual Review
Recommendations
Set to storage upon deployment instead of hardcoding such value.
Updates
Lead Judging Commences
inallhonesty about 1 year ago
Submission Judgement Published Reason: Design choice
Assigned finding tags:
L2_BLOCK_TIME hardcoded to 2 seconds is not right for most L2's
Appeal created
inallhonesty about 1 year ago
Submission Judgement Published Assigned finding tags:
L2_BLOCK_TIME hardcoded to 2 seconds is not right for most L2's
Prize pool breakdown
Total prize
250,000 USDC
nSLOC
12,28520 USDC / LOC
220,000 USDC
10,000 USDC
20,000 USDC
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.