Use of block.timestamp introduces minor miner manipulation potential
Summary
The createGameWithEth function uses block.timestamp to set creationTime and joinDeadline. While this is standard practice, miners can manipulate timestamps within a small range, potentially affecting game timing.
Vulnerability Details
A miner-controlled player (Player A) can slightly manipulate block.timestamp (within ~15 seconds) to extend or reduce the join deadline window.
Impact
Minor timing inconsistency. Not exploitable for major economic gain, but may affect fairness in edge cases.
Tools Used
Manual review.
Recommendations
Use block.timestamp with caution. For time-sensitive logic:
Document potential for slight manipulation.
Consider block.number for more consistency (less precise, but more stable over time).
Appeal created
Informational
Code suggestions or observations that do not pose a direct security risk.
Informational
Code suggestions or observations that do not pose a direct security risk.
Rewards breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.