Slither has flagged the use of block.timestamp in the giveReview function as potentially dangerous, noting that miners can manipulate timestamps within the consensus-allowed tolerance of up to 900 seconds.
The function where this issue resides:
Ethereum’s protocol enforces that each block’s timestamp must exceed its parent’s and not drift more than 900 seconds into the future, bounding any miner influence to a window of minutes rather than days.
Given that the contract enforces a one-week interval between reviews, a ±900-second shift is negligible and cannot be exploited to grant additional reviews.
Because this timestamp check does not trigger any token transfers or balance updates, there is no direct financial risk associated with the minor time manipulation. The worst that a malicious miner could achieve would be to allow a review to occur up to 15 minutes earlier or later than intended, which does not translate into extra review opportunities or state corruption.
Slither
Manual Review
Consider adding a tolerance of ±900 seconds to the interval check, or use Chainlink's Time-Based Upkeep: https://docs.chain.link/chainlink-automation/guides/job-scheduler
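As an added illustration, not the audited contract's code (the giveReview body is not reproduced above), a minimal Solidity sketch of a weekly review gate that folds the recommended 900-second tolerance into its block.timestamp check; the contract name, storage layout, event and error are assumptions:

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Hypothetical sketch (not the audited contract): one review per address
/// per week, gated on block.timestamp with an explicit drift tolerance.
contract ReviewGate {
    uint256 public constant REVIEW_INTERVAL = 1 weeks;
    // Timestamp drift the finding cites as the miner-controllable bound.
    uint256 public constant TIMESTAMP_TOLERANCE = 900;

    mapping(address => uint256) public lastReviewAt;

    event ReviewGiven(address indexed reviewer, uint256 at);
    error ReviewTooSoon(uint256 nextAllowedAt);

    function giveReview() external {
        uint256 last = lastReviewAt[msg.sender];
        uint256 scheduled = last + REVIEW_INTERVAL; // first review: last == 0

        // Accept a review up to TIMESTAMP_TOLERANCE seconds before the slot.
        // A miner-skewed block.timestamp moves this boundary by at most 900 s,
        // far below the one-week interval, so no extra review becomes possible.
        if (last != 0 && block.timestamp + TIMESTAMP_TOLERANCE < scheduled) {
            revert ReviewTooSoon(scheduled - TIMESTAMP_TOLERANCE);
        }

        // Anchor the next slot on the schedule, not on the (possibly early)
        // block timestamp, so the tolerance does not accumulate across weeks.
        lastReviewAt[msg.sender] = block.timestamp > scheduled ? block.timestamp : scheduled;
        emit ReviewGiven(msg.sender, block.timestamp);
    }
}
```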