Timestamp Manipulation in inherit()
Summary
The inherit() function relies on block.timestamp to determine if the 90-day inactivity period has passed before allowing inheritance. Although block timestamps can be slightly manipulated by miners, the long duration of 90 days minimizes the impact of any such manipulation.
Vulnerability Details
In the inherit() function, the contract checks whether block.timestamp is less than the stored deadline (which is set to the current timestamp plus 90 days). While miners can adjust block timestamps by a small margin (typically a few seconds), this manipulation is insufficient to meaningfully affect a 90-day period. This is a known limitation of using block.timestamp and is generally accepted in many time-locked contracts. The impact of this issue is limited because the potential time shift is negligible relative to the long delay enforced.
Impact
Direct Impact: Minimal, as any miner-induced timestamp manipulation would only affect the timing by a few seconds, which is insignificant compared to the 90-day threshold.
Tools Used
Manual code review
Recommendations
Acknowledge the inherent limitations of block.timestamp in documentation.
Consider additional measures only if the time lock period were significantly shorter, but for a 90-day lock, the current implementation is acceptable.
Rewards breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.