MyCut
First Flight #23
Beginner FriendlyFoundry
100 EXP
View results
Previous Next
Submission Details
Severity: medium
Invalid

potential inaccuracy and precision issue in Pot::closePot due to block.timestamp irregularities

cryptedoji

Summary

In Pot::closePot function, measuring the claim period directly from block.timestamp - i_deployedAt may lead to misleading calculations as block.timestamp is susceptible to irregularities due to some factors such as network and miners manipulating the block.timestamp

Vulnerability Details

the blockchain does not guarantee a fixed time interval between blocks due to network conditions. So if for instance, network delays the block.timestamp of a block or perhaps a malicous miner manipulates the block.timestamp then this will lead to inaccuracies and/or imprecision in the calculation for claim period.

Impact

  • premature close of claim period leading to eligible users denied of claiming their rewards

  • if the block.timestamp is delayed, contest manager may not get her cut as claim period will be extended

Tools Used

  • manual review

  • foundry test

Recommendations

in the Pot::closePot, do the following

function closePot() external onlyOwner {
if (
- block.timestamp - i_deployedAt < 90 days
+ block.timestamp < i_deployedAt + 90 days
) {
revert Pot__StillOpenForClaim();
}
if (remainingRewards > 0) {
uint256 managerCut = remainingRewards / managerCutPercent;
i_token.transfer(msg.sender, managerCut);
uint256 claimantCut = (remainingRewards - managerCut) / i_players.length;
for (uint256 i = 0; i < claimants.length; i++) {
_transferReward(claimants[i], claimantCut);
}
}
}
Updates

Lead Judging Commences

equious Lead Judge about 1 year ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.