First Flight #20: The Predicter
First Flight #20
Beginner FriendlyFoundry
100 EXP
View results
Previous Next
Submission Details
Severity: high
Invalid

H - 1: Block Timestamp Manipulation

Saint123

Summary

In the context of smart contracts on the Ethereum blockchain, the block.timestamp (also known as now) is a value provided by miners when they create a block. This value is supposed to represent the time at which the block was created. However, miners have some flexibility in setting this timestamp within certain limits. This flexibility can be exploited to manipulate the behavior of smart contracts that rely on block.timestamp for critical operations

Vulnerability Details

The smart contract relies on block.timestamp to determine the timing of certain operations, such as the registration period. However, block.timestamp can be influenced by miners to some extent. Miners can adjust the timestamp within a certain range to gain an advantage, which can lead to unintended behavior and manipulation of contract logic.

Impact

The impact of this vulnerability is significant, as it can undermine the fairness and integrity of the contract. Here are the specific issues that can arise:

  • Unfair Registration Periods: Miners can end the registration period early or extend it to allow unauthorized users to register or block legitimate users from registering on time.

  • Manipulation of Prediction Timing: Miners can control the timing of predictions, allowing them or their allies to submit predictions with knowledge they shouldn't have or to prevent others from submitting theirs.

  • Incorrect Fee and Reward Distribution: Miners can manipulate the timing of fee collections and reward distributions, leading to financial discrepancies and loss of trust in the system.

Affected Lines

The vulnerability is present in the following lines of code:

if (block.timestamp > START_TIME - 14400) { revert ThePredicter__RegistrationIsOver(); }

This code checks if the current block timestamp is greater than a specific time (START_TIME - 14400), and if so, it ends the registration period. This check is vulnerable to manipulation by miners.

Recommendation

To mitigate this vulnerability, it is recommended to replace the reliance on block.timestamp with block numbers for critical time-sensitive operations. Block numbers are less susceptible to manipulation and provide a more reliable measure of time progression.

Example Replacement:

Instead of using block.timestamp, use block numbers and calculate the equivalent block number for the desired time period.

uint256 constant BLOCKS_PER_HOUR = 240; // Approximate number of blocks per hour (15 seconds per block) if (block.number > startBlock + 4 * BLOCKS_PER_HOUR) { revert ThePredicter__RegistrationIsOver(); }

In this example:

  • startBlock is the block number when the registration started.

  • BLOCKS_PER_HOUR is the approximate number of blocks produced in an hour.

  • The condition checks if the current block number is beyond the allowed registration period, providing a more secure and reliable mechanism than block.timestamp.

Tools Used

manual review, foundry

Recommendations

  1. Use Block Numbers Instead of Timestamps:

    • Replace the reliance on block.timestamp for critical time-sensitive operations with block numbers. This reduces the risk of manipulation by miners.

uint256 constant BLOCKS_PER_HOUR = 240; // Approximate number of blocks per hour (15 seconds per block)
if (block.number > startBlock + 4 * BLOCKS_PER_HOUR) {
revert ThePredicter__RegistrationIsOver();
}
Updates

Lead Judging Commences

NightHawK Lead Judge about 1 year ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.