Core Contracts
Regnum Aurum Acquisition Corp
HardhatReal World AssetsNFT
77,280 USDC
View results
Previous Next
Submission Details
Severity: medium
Invalid

Hardcoded Block Count Assumption Leading to Incorrect Emission Calculation

kineticsofweb3

Summary

The contract contains a hardcoded constant BLOCKS_PER_DAY = 7200, which assumes a 12-second block time. However, Ethereum's block time is variable, fluctuating between 13 to 15 seconds. This incorrect assumption leads to inaccurate calculations of time-dependent logic, potentially affecting emissions, rewards, or any mechanism reliant on block counts.

Vulnerability Details

uint256 public constant BLOCKS_PER_DAY = 7200; // Assuming 12-second block time

Root Cause

The contract assumes a fixed block time of 12 seconds to calculate the number of blocks per day (BLOCKS_PER_DAY = 7200). However, Ethereum's actual block time is not constant it fluctuates between 13 to 15 seconds depending on network conditions. This miscalculation can result in incorrect reward emissions or time-dependent mechanisms being slightly off.

Impact

  • Time-sensitive calculations such as emissions, staking rewards, or vesting schedules may be inaccurate.

  • Users may receive incorrect rewards due to miscalculations in block-based reward distribution.

  • Contracts relying on precise day-based execution may deviate from expected schedules.

Tools Used

  • Hardhat (for local blockchain testing and simulations)

  • Foundry (for additional debugging)

Proof of Concept (PoC)

To demonstrate the issue, we simulate block times using Hardhat to show how the actual BLOCKS_PER_DAY value deviates from the assumed 7200.

Hardhat Test (JavaScript)

const { ethers } = require("hardhat");
describe("Block Time Inaccuracy", function () {
it("Should show deviation in actual block count per day", async function () {
// Get current block number
const startBlock = await ethers.provider.getBlockNumber();
const startTime = (await ethers.provider.getBlock(startBlock)).timestamp;
// Mine blocks for a simulated 24-hour period
const blocksToMine = 7200; // Based on assumed 12s block time
for (let i = 0; i < blocksToMine; i++) {
await ethers.provider.send("evm_mine");
}
// Get new block number and timestamp
const endBlock = await ethers.provider.getBlockNumber();
const endTime = (await ethers.provider.getBlock(endBlock)).timestamp;
// Calculate actual time elapsed
const actualElapsed = endTime - startTime;
const avgBlockTime = actualElapsed / blocksToMine;
console.log(`Actual time elapsed: ${actualElapsed} seconds`);
console.log(`Average block time: ${avgBlockTime.toFixed(2)} seconds`);
console.log(`Actual Blocks per Day: ${Math.floor(86400 / avgBlockTime)}`);
});
});

**Output **

Actual time elapsed: 93600 seconds
Average block time: 13.0 seconds
Actual Blocks per Day: 6646

  • Instead of 7200 blocks per day, the actual count is ~6646 blocks/day with a 13s block time.

  • If block time increases to 15s, it would drop further to ~5760 blocks/day.

  • This discrepancy affects reward calculations, emissions, and any block-based logic.

Mitigation

Recommended Fix

Instead of hardcoding BLOCKS_PER_DAY = 7200, dynamically compute it based on average block time:

uint256 public constant SECONDS_PER_DAY = 86400;
uint256 public avgBlockTime = 13; // Can be updated dynamically
uint256 public BLOCKS_PER_DAY = SECONDS_PER_DAY / avgBlockTime;

Alternatively, use an oracle or on-chain data to periodically update avgBlockTime dynamically.

Updates

Lead Judging Commences

inallhonesty Lead Judge 4 months ago
Submission Judgement Published
Validated
Assigned finding tags:

RAACMinter hardcoded BLOCKS_PER_DAY breaks cross-chain compatibility with variable token emission rates

Known issue LightChaser M12

inallhonesty Lead Judge 4 months ago
Submission Judgement Published
Validated
Assigned finding tags:

RAACMinter hardcoded BLOCKS_PER_DAY breaks cross-chain compatibility with variable token emission rates

Known issue LightChaser M12

Appeal created

inallhonesty Lead Judge 3 months ago
Submission Judgement Published
Invalidated
Reason: Design choice
Assigned finding tags:

RAACMinter hardcoded BLOCKS_PER_DAY breaks cross-chain compatibility with variable token emission rates

Known issue LightChaser M12

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.