Submission Details
Severity: low
Valid

Timezone Discrepancies in Arbitrum Chain

Summary

The ChoosingRam::selectRamIfNotSelected function in the protocol is susceptible to timing issues when deployed on the Arbitrum chain due to timestamp discrepancies.

Vulnerability Details

The function currently checks timestamps as follows:

```solidity
function selectRamIfNotSelected() public RamIsNotSelected OnlyOrganiser {
    // 1728691200 = 12 October 2024 00:00:00 UTC
    if (block.timestamp < 1728691200) {
        revert ChoosingRam__TimeToBeLikeRamIsNotFinish();
    }
    // 1728777600 = 13 October 2024 00:00:00 UTC
    if (block.timestamp > 1728777600) {
        revert ChoosingRam__EventIsFinished();
    }
    uint256 random = uint256(keccak256(abi.encodePacked(block.timestamp, block.prevrandao))) % ramNFT.tokenCounter();
    selectedRam = ramNFT.getCharacteristics(random).ram;
    isRamSelected = true;
}
```

However, Arbitrum's lower bound for block timestamps is 24 hours earlier than the current time, so the function may allow Ram to be selected prematurely in certain timezones. For example, in a timezone such as Pacific/Honolulu, the organiser could incorrectly enable Ram selection on 11 October 2024 instead of 12 October 2024.
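The two window constants rendered as wall-clock time, as an added example that is not part of the original submission or the protocol's code. The zone table uses constructed fixed UTC offsets, and the helper names (`window_status`, `local_time`, `first_allowed_local`, `unix_from_local`) are hypothetical.

```python
from datetime import datetime, timedelta, timezone

# Window constants copied from selectRamIfNotSelected.
EVENT_START = 1728691200
EVENT_END = 1728777600

# Constructed sample zones as fixed UTC offsets (assumption: no DST change
# falls inside the window; Hawaii observes none).
SAMPLE_ZONES = {
    "UTC": timezone.utc,
    "Pacific/Honolulu": timezone(timedelta(hours=-10)),
    "Asia/Kolkata": timezone(timedelta(hours=5, minutes=30)),
}


def window_status(block_timestamp: int) -> str:
    """Mirror the two revert checks of the contract function."""
    if block_timestamp < EVENT_START:
        return "ChoosingRam__TimeToBeLikeRamIsNotFinish"
    if block_timestamp > EVENT_END:
        return "ChoosingRam__EventIsFinished"
    return "ok"


def local_time(ts: int, zone: str) -> datetime:
    """Render a Unix timestamp as wall-clock time in a sample zone."""
    return datetime.fromtimestamp(ts, SAMPLE_ZONES[zone])


def first_allowed_local(zone: str) -> datetime:
    """Earliest local wall-clock time at which the window check passes."""
    return local_time(EVENT_START, zone)


def unix_from_local(year: int, month: int, day: int, hour: int, zone: str) -> int:
    """Unix timestamp of a local wall-clock time in a sample zone."""
    local = datetime(year, month, day, hour, tzinfo=SAMPLE_ZONES[zone])
    return int(local.timestamp())


if __name__ == "__main__":
    for zone in SAMPLE_ZONES:
        print(f"{zone:18} opens {first_allowed_local(zone):%Y-%m-%d %H:%M}"
              f"  closes {local_time(EVENT_END, zone):%Y-%m-%d %H:%M}")
    # 15:00 on 11 October in Honolulu is already inside the window.
    print(window_status(unix_from_local(2024, 10, 11, 15, "Pacific/Honolulu")))
```

The same wall-clock reading of 11 October, 15:00, passes the check when taken in Honolulu and reverts when taken in UTC, which is why the documentation needs to name the reference zone.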

Impact

In some timezones, the organiser could select Ram before 12 October 2024.

Tools Used

CodeHawks, docs

Recommendations

Specify in the protocol's documentation and function comments that all timestamps should be considered based on UTC time to maintain consistency across different timezones and chains.

Updates

Lead Judging Commences

bube Lead Judge over 1 year ago
Submission Judgement Published
Validated
Assigned finding tags:

`block.timestamp` on Arbitrum
