Eggstravaganza

First Flight #37

Beginner FriendlySolidity

100 EXP

View results

Previous Next

Submission Details

Severity: medium

Invalid

Use of block.timestamp for game logic

truthixify

Summary

The EggHuntGame.sol contract uses block.timestamp for game timing, which can be slightly manipulated by miners.

Vulnerability Details

The contract uses block.timestamp to define the start and end of game sessions:

startTime = block.timestamp;

endTime = block.timestamp + duration;

While this is a common practice, miners can influence the timestamp by a few seconds, especially in time-sensitive operations like triggering game events or determining a winner.

Impact

Malicious miners may influence game start/end boundaries to gain a time-based advantage.
Time manipulation could be used to exploit the system if prizes are tied closely to specific timestamps.

Tools Used

Manual code review
Known blockchain miner capabilities analysis

Recommendations

Where possible, use block.number with estimated block durations for timing.
If using block.timestamp, include buffers or grace periods to reduce sensitivity.
Never rely on timestamps for anything tied to randomness or exact scheduling.

Updates

Lead Judging Commences

m3dython Lead Judge 4 months ago

Submission Judgement Published

Invalidated

Reason: Incorrect statement

Rewards breakdown

nSLOC

129

This contest has a flat reward structure with the following payouts:

High

100 EXP

Medium

20 EXP

Low

2 EXP

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.