Submission Details
Severity: low
Valid

Wrong timestamp setting in the `Dussehra::killRavana` function: the `selectedRam` can kill Ravana after 13th October 2024.

Description

The killRavana function allows users to kill Ravana, and the Organiser receives half of the total amount collected in the event. The function is meant to work only after 12th October 2024 and before 13th October 2024, but its timestamp checks are set incorrectly: the timestamp 1728691069 corresponds to Oct 11 2024 23:57:49, and the timestamp 1728777669 corresponds to Oct 13 2024 00:01:09.
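
The conversion above can be checked mechanically. The following is an added example, not part of the original submission or the contest code base: it scans Solidity source for `block.timestamp` comparisons against epoch literals and reports how far each literal drifts from a day boundary. It assumes the intended boundaries are 00:00:00 UTC, and the `SAMPLE` input is constructed from the two comparisons quoted in this finding.

```python
import re
from datetime import datetime, timezone

DAY = 86_400  # seconds in one UTC day

# Constructed sample: only the two comparisons quoted in this finding.
SAMPLE = """
if (block.timestamp < 1728691069) {
if (block.timestamp > 1728777669) {
"""

# Matches `block.timestamp <op> <epoch literal>`; longer operators come first.
CMP = re.compile(r"block\.timestamp\s*(<=|>=|<|>)\s*(\d{9,11})")


def audit_epoch_literals(source):
    """Return one record per block.timestamp comparison found in source."""
    findings = []
    for op, literal in CMP.findall(source):
        ts = int(literal)
        # Closest 00:00:00 UTC boundary, computed with integer arithmetic.
        nearest = (ts + DAY // 2) // DAY * DAY
        utc = datetime.fromtimestamp(ts, tz=timezone.utc)
        findings.append({
            "op": op,
            "literal": ts,
            "utc": utc.strftime("%Y-%m-%d %H:%M:%S"),
            "nearest_midnight": nearest,
            # Negative: the literal is early. Positive: the literal is late.
            "drift_seconds": ts - nearest,
        })
    return findings


if __name__ == "__main__":
    for f in audit_epoch_literals(SAMPLE):
        flag = "OK" if f["drift_seconds"] == 0 else "MISALIGNED"
        print(f"{flag}: block.timestamp {f['op']} {f['literal']} "
              f"= {f['utc']} UTC, drift {f['drift_seconds']:+d}s "
              f"from {f['nearest_midnight']}")
```

A non-zero drift is only a prompt for review: a window that is deliberately not aligned to midnight UTC will also be flagged.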

Impact

One minute after the deadline, the selectedRam can still call the killRavana function, breaking the invariant of this function.

Tools Used

  • Manual review

  • Foundry

PoC

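Place this test in Dussehra.t.sol:

```solidity
function test_canKillRavanaAfter13thOctober() public participants {
    // Select Ram one second before the recommended end timestamp (1728777600)
    vm.warp(1728777600 - 1);
    vm.startPrank(organiser);
    choosingRam.selectRamIfNotSelected();
    vm.stopPrank();

    // Move to one minute after the deadline
    vm.warp(1728777600 + 60);
    vm.startPrank(player1);
    // Both calls still go through because the check uses 1728777669
    dussehra.killRavana();
    dussehra.withdraw();
    vm.stopPrank();
}
```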

One minute after the deadline, the selectedRam can still call the killRavana and withdraw functions.

Recommendations

In the killRavana function, adjust the beginning timestamp to 1728691200 and the ending timestamp to 1728777600.

- if (block.timestamp < 1728691069) {
+ if (block.timestamp < 1728691200) {
- if (block.timestamp > 1728777669) {
+ if (block.timestamp > 1728777600) {
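
Review bot: the upper bound on the `+ if (block.timestamp > 1728777600) {` line still lets a call through at exactly 1728777600, which is the first second of 13th October; if the function must only work before 13th October, as the description states, that comparison should be `>=`. Consider also replacing both literals with named constants whose comments give the calendar date they stand for, so that a drift like the original 1728691069 and 1728777669 is visible in review.
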
Updates

Lead Judging Commences

bube Lead Judge over 1 year ago
Submission Judgement Published
Validated
Assigned finding tags:

Incorrect timestamp
