Block.timestamp use allow Miner Influence on Game Timing in `EggHuntGame.sol`
Summary
The contract uses block.timestamp to set the game's start and end time, which is slightly miner-controllable.
Vulnerability Details
The startGame(uint256 duration) function uses block.timestamp to set both the startTime and endTime. Since block.timestamp is miner-controlled within a limited range (usually ±15 seconds), a miner could slightly influence the game start time. This could shift the game duration by a few seconds—either shortening or extending it
Impact
Miners can influence block.timestamp by a few seconds, allowing them to extend or shorten the game duration for other participation slightly
Tools Used
Manual analyzed
Recommendations
Use block.number for more consistent timing (converted to seconds), or add a buffer if precise timing is required. Alternatively, document this behavior clearly if acceptable within the game design.
Appeal created
Rewards breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.