Part 2

Zaros
Perpetuals, DEX, Foundry, Solidity
70,000 USDC
Submission Details
Severity: medium
Invalid

Timestamp Manipulation in checkLog

Summary

  1. Timestamp manipulation: `checkLog()` uses `block.timestamp` for deadline checks, and miners can manipulate timestamps within certain bounds.

Vulnerability Details

```solidity
function checkLog(
    AutomationLog calldata log,
    bytes memory
)
    external
    view
    returns (bool upkeepNeeded, bytes memory performData)
{
    // https://docs.chain.link/chainlink-automation/guides/log-trigger
    // 0th index is the event signature hash
    address caller = bytes32ToAddress(log.topics[1]);
    uint128 requestId = uint128(uint256(log.topics[2]));

    // load usd token swap storage
    UsdTokenSwapKeeperStorage storage self = _getUsdTokenSwapKeeperStorage();

    // load request for user by id
    UsdTokenSwapConfig.SwapRequest memory request =
        IMarketMakingEngine(self.marketMakingEngine).getSwapRequest(caller, requestId);

    // if request deadline expired revert
@>  if (request.deadline < block.timestamp) {
        return (false, new bytes(0));
    }

    // if keeper asset stream != vault asset revert
    // Since the event emitted would be caught by multiple keepers, each with a stream for different asset, only
    // the one with the matching asset needs to be able to execute the swap
    if (request.assetOut != self.asset) {
        return (false, new bytes(0));
    }

    string[] memory streams = new string[](1);
    streams[0] = self.streamId;

    // encode perform data
    bytes memory extraData = abi.encode(caller, requestId);

    revert StreamsLookup(DATA_STREAMS_FEED_LABEL, streams, DATA_STREAMS_QUERY_LABEL, block.timestamp, extraData);
}
```

Impact

Miners can manipulate timestamps within certain bounds.

Tools Used

Recommendations

Updates

Lead Judging Commences

inallhonesty Lead Judge 10 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
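
Added example, not part of the submission or the Zaros code base: a Python model of the two guards in `checkLog` that lists which swap requests would get a different `upkeepNeeded` result if the timestamp were skewed by up to `MAX_SKEW` seconds. The 15-second skew, the asset names and the sample requests are constructed assumptions, and `SwapRequest` here is a hypothetical stand-in holding only the two fields the function reads.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class SwapRequest:
    """Constructed stand-in for UsdTokenSwapConfig.SwapRequest (only the fields checkLog reads)."""
    deadline: int      # unix seconds
    asset_out: str

def upkeep_needed(req: SwapRequest, keeper_asset: str, block_timestamp: int) -> bool:
    """Mirror of the two guards in checkLog, in the same order."""
    if req.deadline < block_timestamp:   # strict '<': deadline == timestamp still passes
        return False
    if req.asset_out != keeper_asset:    # only the keeper with the matching asset proceeds
        return False
    return True                          # the contract reverts with StreamsLookup here

def skew_sensitive(requests, keeper_asset, honest_ts, max_skew):
    """Requests whose result changes for some timestamp in honest_ts +/- max_skew."""
    window = range(honest_ts - max_skew, honest_ts + max_skew + 1)
    return [r for r in requests
            if len({upkeep_needed(r, keeper_asset, ts) for ts in window}) > 1]

# Constructed sample data; MAX_SKEW is an assumed bound, not a value from the page.
NOW = 1_700_000_000
MAX_SKEW = 15
OFFSETS = (-100, -16, -15, 0, 14, 15, 600)
REQUESTS = [SwapRequest(NOW + o, "WETH") for o in OFFSETS] + [SwapRequest(NOW, "WBTC")]

def sensitive_offsets():
    """Deadline offsets (relative to NOW) of the requests a skew could affect."""
    return [r.deadline - NOW for r in skew_sensitive(REQUESTS, "WETH", NOW, MAX_SKEW)]

if __name__ == "__main__":
    print("deadline offsets affected by skew:", sensitive_offsets())
```

In this model only requests whose deadline falls within `MAX_SKEW` seconds of the honest timestamp change outcome; requests that expired earlier, expire later, or target a different asset get the same result at every timestamp in the window.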
