Part 2

Zaros

PerpetualsDEXFoundrySolidity

70,000 USDC

View results

Previous Next

Submission Details

Severity: low

Invalid

Reliance on block.timestamp for control flow decisions in the refundSwap function of the StabilityBranch contract

gbadebosmith

Summary

An issue arises from the reliance on block.timestamp for control flow decisions in the refundSwap function of the StabilityBranch contract. Although using time-based checks is common, block.timestamp (like other environment variables) can be manipulated by malicious miners within a limited range, potentially impacting logic that depends on strict timing guarantees.

Vulnerability Details

Location:
- File:
  /2025-01-zaros-part-2/src/market-making/branches/StabilityBranch.sol
- Line: 450
- URL: https://github.com/Cyfrin/2025-01-zaros-part-2/blob/35deb3e92b2a32cd304bf61d27e6071ef36e446d/src/market-making/branches/StabilityBranch.sol#L449-L452
Finding:
if (deadlineCache > block.timestamp) {
revert Errors.RequestNotExpired(msg.sender, requestId);
}
The contract enforces an expiration check on a swap request via if (deadlineCache > block.timestamp). Miners can slightly manipulate block.timestamp to either extend or reduce the window for a refund. While the scope of manipulation is generally bounded (e.g., a few seconds or minutes), this still introduces trust in miners to behave correctly.

Impact

Minor Time Manipulation:
Miners can adjust timestamps within a narrow range to game time-based logic. This can be used—albeit usually with difficulty—to create edge-case conditions where a request is considered expired or not expired.
Not Secure as Randomness:
While the function is not using block.timestamp as a source of randomness, any reliance on a miner-influenced variable for critical logic or large sums of money should be handled carefully.

Tools Used

Manual Review: Confirmed line of code and the reliance on an environment variable subject to minor manipulation by miners.

Recommendations

Accept Minor Timestamp Inaccuracy
- If a small deviation of a few seconds (or up to ~900 seconds in extreme cases) does not materially affect the system, then document these assumptions explicitly. This is often adequate for typical “deadline” or “expiry” checks.
Use an Oracle or External Time Source
- For critical scenarios requiring high integrity or minimal manipulation, consider using a trusted off-chain oracle. This eliminates or reduces the reliance on miner-provided timestamps.
Add Time Buffer
- If strict timing is important, use a short buffer or grace period around deadlines to mitigate the effect of minor timestamp manipulation.

Updates

Lead Judging Commences

inallhonesty Lead Judge 6 months ago

Submission Judgement Published

Invalidated

Reason: Non-acceptable severity

Prize pool breakdown

Total prize

70,000 USDC

nSLOC

3,258

21 USDC / LOC

High Medium

66,500

Low

3,500

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.