The selectPresident() function in the RankedChoice contract uses block.timestamp for a critical time-based comparison. This usage can potentially be manipulated by miners, leading to unexpected behavior in the contract's execution.

The function relies on block.timestamp to determine whether sufficient time has passed since the last vote. Miners can manipulate block.timestamp within a small range, potentially affecting the timing of president selection.

Slither output:
RankedChoice.selectPresident() (src/RankedChoice.sol#57-90) uses timestamp for comparisons
Dangerous comparisons:
- block.timestamp - s_previousVoteEndTimeStamp <= i_presidentalDuration (src/RankedChoice.sol#60-62)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#block-timestamp
Miners could potentially influence the timing of president selection by slightly adjusting the block timestamp. This manipulation could allow a president to be selected earlier or later than intended by the contract's design. In close timing scenarios, where the elapsed time is within a few seconds of i_presidentalDuration, it might be possible to unfairly trigger or prevent the selection process.
Tool used: slither .
Use Block Numbers: Replace timestamp-based calculations with block number-based calculations. Block numbers are more resistant to miner manipulation, because a block producer cannot alter the height of the block it produces. Note that a block-number duration only maps to a wall-clock duration under an assumed block interval, so i_presidentalDuration would need to be expressed in blocks for the target chain.
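The two patterns side by side, as an added illustrative example; this is not the RankedChoice code or the project's own, and the contract name, the two function names, the i_durationSeconds / i_durationBlocks immutables and the s_previousVoteEndBlock field are all hypothetical. The timestamp branch reproduces the comparison shape Slither flagged; the block-number branch is the mitigation proposed above.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Illustrative contract (hypothetical, not the RankedChoice code).
/// It shows the timestamp-gated check that Slither flags next to a
/// block-number-gated alternative.
contract TimedSelectionExample {
    // --- Timestamp-based gate (the pattern flagged in the finding) ---
    uint256 public immutable i_durationSeconds;
    uint256 public s_previousVoteEndTimeStamp;

    // --- Block-number-based gate (recommended mitigation) ---
    uint256 public immutable i_durationBlocks;
    uint256 public s_previousVoteEndBlock;

    error SelectionTooEarly();

    constructor(uint256 durationSeconds, uint256 durationBlocks) {
        i_durationSeconds = durationSeconds;
        i_durationBlocks = durationBlocks;
        // Both clocks start at deployment.
        s_previousVoteEndTimeStamp = block.timestamp;
        s_previousVoteEndBlock = block.number;
    }

    /// Timestamp-gated form. The producer of a block can nudge
    /// block.timestamp by a few seconds, so when
    /// block.timestamp - s_previousVoteEndTimeStamp is close to
    /// i_durationSeconds the outcome of this check depends on that nudge.
    function selectWithTimestamp() external {
        if (block.timestamp - s_previousVoteEndTimeStamp <= i_durationSeconds) {
            revert SelectionTooEarly();
        }
        s_previousVoteEndTimeStamp = block.timestamp;
        // ... selection logic would follow here ...
    }

    /// Block-number-gated form. block.number is fixed by chain height and
    /// cannot be shifted by the producer of a single block. The trade-off is
    /// that the wall-clock duration now depends on the chain's block interval
    /// (about 12 seconds per slot on Ethereum mainnet), so i_durationBlocks
    /// must be sized for the target chain.
    function selectWithBlockNumber() external {
        if (block.number - s_previousVoteEndBlock <= i_durationBlocks) {
            revert SelectionTooEarly();
        }
        s_previousVoteEndBlock = block.number;
        // ... selection logic would follow here ...
    }

    /// View helpers so a front end or test can show how far each gate is from
    /// opening; both return 0 once the gate is open.
    function secondsUntilOpen() external view returns (uint256) {
        uint256 elapsed = block.timestamp - s_previousVoteEndTimeStamp;
        return elapsed > i_durationSeconds ? 0 : i_durationSeconds - elapsed + 1;
    }

    function blocksUntilOpen() external view returns (uint256) {
        uint256 elapsed = block.number - s_previousVoteEndBlock;
        return elapsed > i_durationBlocks ? 0 : i_durationBlocks - elapsed + 1;
    }
}
```

In a Foundry test, vm.warp and vm.roll can be used to step each clock to exactly the boundary and confirm that only the timestamp gate flips when the timestamp is moved by a few seconds. Whichever gate is kept, the comparison should not be the sole protection for a high-value state transition: pairing it with an explicit, access-controlled trigger or a grace window removes the incentive to race the boundary at all.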