Incorrect Use of block.number Instead of block.timestamp for blockTimestampDeposit in afterUpdate::UpliftOnlyExample.sol
Summary
In the afterUpdate function, the blockTimestampDeposit field of feeDataArray[tokenIdIndex] is assigned the value of block.number instead of block.timestamp.
This is incorrect because blockTimestampDeposit suggests it should store the current timestamp (in seconds since the Unix epoch), which represents the time of the block. However, block.number represents the block height, which is unrelated to time and is an incremental counter for the blockchain.
Vulnerability Details
Vulnerable Code Segment
The use of block.number here is a semantic mismatch with the intended purpose of the blockTimestampDeposit field.
Impact
incorrect data representation
Tools Used
Manual review
Recommendations
Replace block.number with block.timestamp to correctly assign the current block's timestamp:
Lead Judging Commences
finding_afterUpdate_blockNumber_instead_of_timestamp
Likelihood: Medium/High, any NFT transfer will change this variable. Impact: Informational/Very Low. This variable is unused and won’t impact anything, but the array is public and its getter will return a variable with inconsistencies.
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.