`blockTimestampDeposit` variable assigned incorrectly
Summary
In the afterUpdate function, the blockTimestampDeposit variable is assigned the current block number instead of the current block timestamp:
Although the incorrect assignment does not affect the current contract logic, it introduces confusion and potential maintenance issues.
Vulnerability Details
Problematic Code:
Issue: The variable
blockTimestampDepositis incorrectly assignedblock.number, which is not a timestamp.Expected Behavior: If
blockTimestampDepositis intended to track a deposit timestamp, it should be assignedblock.timestamp.
Impact
Time Tracking Inaccuracy: This can cause confusion or errors if the variable is used for time-based calculations in the future..
Code Redundancy: An unused variable introduces unnecessary complexity and confusion for developers maintaining the code.
While this issue does not currently affect functionality, it reflects poorly on the code’s clarity and maintainability.
Tools Used
Recommendations
Option 1: Update the Assignment (If the Variable is Needed)
If blockTimestampDeposit is intended to track a deposit’s timestamp for future use:
Lead Judging Commences
finding_afterUpdate_blockNumber_instead_of_timestamp
Likelihood: Medium/High, any NFT transfer will change this variable. Impact: Informational/Very Low. This variable is unused and won’t impact anything, but the array is public and its getter will return a variable with inconsistencies.
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.