First Flight #17: Dussehra
First Flight #17
Beginner FriendlyFoundryNFT
100 EXP
View results
Previous Next
Submission Details
Severity: low
Valid

Incorrect timestamp used for event start and end in `Dussehra::killRavana` which deviates from the timestamp mentioned in docs

shikhar229169

Summary

Incorrect timestamps are used in killRavana to ensure that the time at which it is called is of Dussehra event. The documentation mentions that the Dussehra event starts from 12th Oct and will finish before 13th Oct, but the timestamps that are used for check in killRavana function are different.

Vulnerability Details

  • The vulnerability is present in the killRavana function where it uses incorrect timestamps for checking the timestamp is between the start and end timestamp of Dussehra.

  • But the timestamp used in the function is different from the one which is mentioned in the documentation as a result of which the user can call the function in different time which deviates from the documentation.

if (block.timestamp < 1728691069) {
revert Dussehra__MahuratIsNotStart();
}
if (block.timestamp > 1728777669) {
revert Dussehra__MahuratIsFinished();
}

The docs mentions that the killRavana will be available after 12th October 2024 and before 13th October 2024.
The actual timestamp that corresponds to 12th October 2024 is 1728691200 and to 13th October is 1728777600 but different timestamps are used.

Impact

killRavana can be called outside of the time mentioned in the docs.

Tools Used

Manual Review

Recommendations

Correct the timestamps according to the docs:

- if (block.timestamp < 1728691069) {
+ if (block.timestamp < 1728691200) {
revert Dussehra__MahuratIsNotStart();
}
- if (block.timestamp > 1728777669) {
+ if (block.timestamp > 1728777600) {
revert Dussehra__MahuratIsFinished();
}
Updates

Lead Judging Commences

bube Lead Judge 12 months ago
Submission Judgement Published
Validated
Assigned finding tags:

Incorrect timestamp

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.