Severity: low
Valid

Inconsistent block.timestamp in `Dussehra::killRavana`

Description:

The hardcoded values in the `if` statements that check `block.timestamp` are 1728691069 (Fri Oct 11 2024 23:57:49 GMT+0000) and 1728777669 (Sun Oct 13 2024 00:01:09 GMT+0000), respectively. This deviates slightly from the specification, which states that the `killRavana` function will only work after 12th October 2024 and before 13th October 2024.

Impact:

Although the discrepancy is small, the function can be called on 11 Oct and 13 Oct, breaking the intended functionality of the protocol.

Proof of Concept:

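Paste the following into `Dussehra.t.sol`:

```solidity
function test_killRavanaOn11th() public participants {
    // Sat Oct 12 2024 00:00:02 GMT+0000: the organiser selects Ram
    vm.warp(1728691200 + 2);
    vm.startPrank(organiser);
    choosingRam.selectRamIfNotSelected();
    vm.stopPrank();

    // Fri Oct 11 2024 23:57:51 GMT+0000: still the 11th, but past the hardcoded lower bound
    vm.warp(1728691069 + 2);
    vm.startPrank(player2);
    dussehra.killRavana();
    vm.stopPrank();

    // The call succeeds even though it was made on 11 October
    assertEq(dussehra.IsRavanKilled(), true);
}
```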

Recommended Mitigation:

All the hardcoded UNIX timestamp values used in these checks could be declared as constant state variables (e.g. `uint256 constant START_DATE_EVENT = 1728691200; // Sat Oct 12 2024 00:00:00 GMT+0000`).
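
One way to apply this mitigation and pin the window edges with Foundry tests, as an added example that is not part of the original submission or the project's code. `MahuratGate`, `END_DATE_EVENT`, the error names and the inclusive-start/exclusive-end reading of the spec are assumptions; it expects `forge-std` to be installed, as in any Foundry project.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {Test} from "forge-std/Test.sol";

// Hypothetical stand-in for the time gate in Dussehra::killRavana (names are assumptions).
contract MahuratGate {
    uint256 public constant START_DATE_EVENT = 1728691200; // Sat Oct 12 2024 00:00:00 GMT+0000
    // Assumption: the window is exactly 12 October in UTC, end bound exclusive.
    uint256 public constant END_DATE_EVENT = START_DATE_EVENT + 1 days; // Sun Oct 13 2024 00:00:00 GMT+0000

    error WindowNotOpen();
    error WindowClosed();
    bool public isRavanKilled;

    function killRavana() external {
        if (block.timestamp < START_DATE_EVENT) revert WindowNotOpen();
        if (block.timestamp >= END_DATE_EVENT) revert WindowClosed();
        isRavanKilled = true;
    }
}

contract MahuratGateTest is Test {
    MahuratGate internal gate;

    function setUp() public {
        gate = new MahuratGate();
    }

    function test_RevertsAtTimestampFromFinding() public {
        vm.warp(1728691069 + 2); // Fri Oct 11 2024 23:57:51 GMT+0000, accepted by the original check
        vm.expectRevert(MahuratGate.WindowNotOpen.selector);
        gate.killRavana();
    }

    function test_AcceptsFirstAndLastSecondOf12th() public {
        vm.warp(gate.START_DATE_EVENT());
        gate.killRavana();
        assertTrue(gate.isRavanKilled());
        vm.warp(gate.END_DATE_EVENT() - 1); // Sat Oct 12 2024 23:59:59 GMT+0000
        gate.killRavana();
    }

    function test_RevertsAtMidnightOf13th() public {
        vm.warp(gate.END_DATE_EVENT());
        vm.expectRevert(MahuratGate.WindowClosed.selector);
        gate.killRavana();
    }
}
```

Deriving the end bound from the start with `1 days` keeps the two constants from drifting apart the way the two independent literals did.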

Tools Used

Manual review, Foundry

Updates

Lead Judging Commences

bube Lead Judge about 1 year ago
Submission Judgement Published
Validated
Assigned finding tags:

Incorrect timestamp
