Submission Details
Severity: low
Valid

Timestamps are unreliable, allowing Ravana to be killed before or after the intended time.

Summary

The contracts are highly vulnerable to timestamp manipulation, which could allow malicious actors to exploit time-based functionality, such as killing Ravana before the intended time or extending Ravana's existence beyond the designated timeframe.

Vulnerability Details

The killRavana() function lacks robust mechanisms for validating timestamps securely, which leaves it vulnerable to timestamp manipulation attacks.

Impact

Inconsistent Time Validation: The conditional statements that check for the Mahurat start and end times (1728691069 and 1728777669) may not accurately correspond to the stated dates and times (Friday, 11 October 2024, 23:57:49, and Sunday 13 October 2024 00:01:09). Even a small discrepancy in the timestamps could lead to misjudgments regarding the Mahurat status, potentially enabling malicious actors to exploit the timing and disrupt the intended flow of the Dussehra ceremony.

Tools Used

Manual code review

Recommendations

    function killRavana() public RamIsSelected {
        // Friday 11 October 2024 23:57:49
        if (block.timestamp < 1747545600) {
            revert Dussehra__MahuratIsNotStart();
        }
        // Sunday 13 October 2024 00:01:09
        if (block.timestamp > 1747632000) {
            revert Dussehra__MahuratIsFinished();
        }
        IsRavanKilled = true;
        uint256 totalAmountByThePeople = WantToBeLikeRam.length * entranceFee;
        totalAmountGivenToRam = (totalAmountByThePeople * 50) / 100;
        (bool success, ) = organiser.call{value: totalAmountGivenToRam}("");
        require(success, "Failed to send money to organiser");
    }

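A reviewer-side check for the kind of mismatch this finding is about: decode each hard-coded block.timestamp bound and compare it with the date written in the comment above it. This is an added example, not code from the submission or the audited project; it assumes the commented times are UTC, and audit_deadlines and the two sample snippets are constructed here from the constants quoted on this page.

```python
import re
from datetime import datetime, timezone

# Comment such as "//Friday 11 October 2024 23:57:49" placed above a check.
DATE_COMMENT = re.compile(r"//\s*\w+,?\s+(\d{1,2} \w+ \d{4} \d{2}:\d{2}:\d{2})")
# Comparison such as "block.timestamp < 1728691069".
TS_CHECK = re.compile(r"block\.timestamp\s*[<>]=?\s*(\d+)")

def audit_deadlines(source):
    """Return (commented_date, constant, decoded_utc, drift_seconds) per check."""
    findings, pending = [], None
    for line in source.splitlines():
        comment = DATE_COMMENT.search(line)
        if comment:
            pending = comment.group(1)
            continue
        check = TS_CHECK.search(line)
        if check and pending:
            constant = int(check.group(1))
            # Assumption: the commented wall-clock time is meant as UTC.
            intended = datetime.strptime(pending, "%d %B %Y %H:%M:%S")
            intended = intended.replace(tzinfo=timezone.utc)
            decoded = datetime.fromtimestamp(constant, tz=timezone.utc)
            drift = constant - int(intended.timestamp())
            findings.append((pending, constant, decoded.isoformat(), drift))
            pending = None
    return findings

# Constructed sample: the comments from this page with the Impact section's values.
IMPACT_VALUES = """
//Friday 11 October 2024 23:57:49
if (block.timestamp < 1728691069) {
//Sunday 13 October 2024 00:01:09
if (block.timestamp > 1728777669) {
"""

# Constructed sample: the same comments with the Recommendations block's values.
RECOMMENDED_VALUES = """
//Friday 11 October 2024 23:57:49
if (block.timestamp < 1747545600) {
//Sunday 13 October 2024 00:01:09
if (block.timestamp > 1747632000) {
"""

if __name__ == "__main__":
    for name, src in (("impact", IMPACT_VALUES), ("recommended", RECOMMENDED_VALUES)):
        for commented, constant, decoded, drift in audit_deadlines(src):
            status = "OK" if drift == 0 else f"MISMATCH ({drift:+d} s)"
            print(f"{name}: {constant} -> {decoded} | comment: {commented} | {status}")
```

A non-zero drift means the constant and its comment disagree under the UTC assumption, so one of them has to be corrected before the bounds can be trusted.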
Updates

Lead Judging Commences

bube Lead Judge over 1 year ago
Submission Judgement Published
Validated
Assigned finding tags:

Incorrect timestamp
