President Elector

First Flight #24
Beginner Friendly, Foundry
100 EXP
Submission Details
Severity: low
Invalid

Block timestamp

Summary

The selectPresident() function in the RankedChoice contract uses block.timestamp for a critical time-based comparison. This usage can potentially be manipulated by miners, leading to unexpected behavior in the contract's execution.

Vulnerability Details

The function relies on block.timestamp to determine if sufficient time has passed since the last vote. Miners can manipulate block.timestamp within a small range, potentially affecting the timing of president selection.

RankedChoice.selectPresident() (src/RankedChoice.sol#57-90) uses timestamp for comparisons
Dangerous comparisons:
- block.timestamp - s_previousVoteEndTimeStamp <= i_presidentalDuration (src/RankedChoice.sol#60-62)
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#block-timestamp

Impact

Miners could potentially influence the timing of president selection by slightly adjusting the block timestamp.

This manipulation could allow for selecting a president earlier or later than intended by the contract's design.

In close timing scenarios, it might be possible to unfairly trigger or prevent the selection process.

Tools Used

slither .

Recommendations

Use Block Numbers: Replace timestamp-based calculations with block number-based calculations. Block numbers are more resistant to miner manipulation.
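
The flagged comparison and the block-number variant from the recommendation can be exercised side by side in a Foundry test, which shows exactly where each check flips. This is an added example, not code from the RankedChoice contract or from this submission: the TermGate contract, its function names, the 30-day duration and the 12-second block time are assumptions, and only the comparison expression and the two variable names come from the Slither output above.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.24;

import {Test} from "forge-std/Test.sol";

// Hypothetical stand-in contract: only the comparison shape is taken from the Slither finding.
contract TermGate {
    uint256 public immutable i_presidentalDuration; // seconds
    uint256 public immutable i_durationInBlocks;    // assumed block-count equivalent
    uint256 public s_previousVoteEndTimeStamp;
    uint256 public s_previousVoteEndBlock;

    constructor(uint256 durationSeconds, uint256 durationBlocks) {
        i_presidentalDuration = durationSeconds;
        i_durationInBlocks = durationBlocks;
        s_previousVoteEndTimeStamp = block.timestamp;
        s_previousVoteEndBlock = block.number;
    }

    // Same expression Slither reported as a timestamp comparison.
    function withinDurationByTimestamp() public view returns (bool) {
        return block.timestamp - s_previousVoteEndTimeStamp <= i_presidentalDuration;
    }

    // Variant following the recommendation: count blocks instead of seconds.
    function withinDurationByBlockNumber() public view returns (bool) {
        return block.number - s_previousVoteEndBlock <= i_durationInBlocks;
    }
}

contract TermGateTest is Test {
    uint256 constant DURATION = 30 days;     // constructed value, not the project's
    uint256 constant BLOCKS = DURATION / 12; // assumes 12-second blocks
    TermGate gate;

    function setUp() public { gate = new TermGate(DURATION, BLOCKS); }

    function test_boundaryOfEachCheck() public {
        uint256 start = gate.s_previousVoteEndTimeStamp();
        vm.warp(start + DURATION);     // exactly at the boundary: still within
        assertTrue(gate.withinDurationByTimestamp());
        vm.warp(start + DURATION + 1); // one second of drift flips the result
        assertFalse(gate.withinDurationByTimestamp());
        // The block-number check is unaffected by the timestamp change.
        assertTrue(gate.withinDurationByBlockNumber());
        vm.roll(gate.s_previousVoteEndBlock() + BLOCKS + 1);
        assertFalse(gate.withinDurationByBlockNumber());
    }
}
```

Run it with `forge test` inside a Foundry project; the timestamp check only changes outcome within the last second of the window, which puts the size of the drift in proportion to the configured duration.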

Updates

Lead Judging Commences

inallhonesty Lead Judge 9 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
