Using Block.number instead of Block.timestamp
Summary
The UpliftOnlyExample contract incorrectly stores block numbers instead of timestamps in the blockTimestampDeposit variable during LP position transfers. This mismatch between the variable's intended purpose (tracking deposit time) and its actual stored value (block number) leads to invalid temporal tracking of LP positions.
Vulnerability Details
In the afterUpdate function of UpliftOnlyExample.sol, the contract incorrectly stores block numbers when it should store timestamps:
The issue manifests as follows:
Transfer Impact:
When positions are transferred, the new timestamp becomes a block number
This invalidates any time-based calculations for transferred positions
The contract can no longer accurately track how long positions have been held once a transfer occurs
Impact
Loss of yield - Incorrect temporal tracking leads to inaccurate fee calculations and yield attribution for transferred LP positions, directly affecting user returns and protocol revenue.
Tools Used
Manual Review
Recommendations
Update the afterUpdate function to store timestamps instead of block numbers:
This ensures:
Accurate temporal tracking of LP positions
Consistent time-based calculations
Valid transfer preservation
Lead Judging Commences
finding_afterUpdate_blockNumber_instead_of_timestamp
Likelihood: Medium/High, any NFT transfer will change this variable. Impact: Informational/Very Low. This variable is unused and won’t impact anything, but the array is public and its getter will return a variable with inconsistencies.
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.