OrderBook

First Flight #43
Beginner Friendly, Solidity
100 EXP
Submission Details
Impact: high
Likelihood: low
Invalid

Usage of block.timestamp for comparisons

block.timestamp, when used for comparisons, could be manipulated by miners

Description:

block.timestamp can be manipulated by miners for their own benefit to increase or decrease the deadline period, or to manipulate the token expiry deadline overall. This could cause the entire protocol to fail because the token expiry deadline will be changed and users will be able to buy the tokens even if the required deadline is gone. block.timestamp is used in several places in this contract, so it could allow miners to manipulate many things in the contract.

if (block.timestamp >= order.deadlineTimestamp) revert OrderExpired(); // Cannot amend expired order

Risk

Likelihood:

This will occur when miners try to manipulate the deadline of the tokens by manipulating block.timestamp.

Impact:

This could cause the comparison to fail and ultimately increase or decrease the deadline of token expiry, and this will cause the entire protocol to fail because users will then be able to buy tokens even if the required deadline is gone. block.timestamp is used in several places in this contract, so it is vulnerable, as miners could manipulate many things in the contract.

Proof of Concept:

https://github.com/crytic/slither/wiki/Detector-Documentation#block-timestamp


Recommended Mitigation:

Avoid using block.timestamp; use block.number instead, since block.number is part of the blockchain's core structure.


- remove this code
+ add this code
Updates

Lead Judging Commences

yeahchibyke Lead Judge 10 days ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
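
For triage of the deadline check quoted in the submission, the following added example (not code from the submission or from the OrderBook contract) models `block.timestamp >= order.deadlineTimestamp` and lists which orders would change expiry status under a bounded timestamp skew; it also measures how a block-number deadline drifts from wall-clock time. The skew bound, the 12-second block time, the missed-slot fraction and all sample orders are assumptions constructed for illustration.

```python
from dataclasses import dataclass

@dataclass
class Order:
    order_id: int
    deadline_timestamp: int  # mirrors order.deadlineTimestamp (unix seconds)

def is_expired(block_timestamp: int, order: Order) -> bool:
    # Same comparison as the contract line quoted in the submission.
    return block_timestamp >= order.deadline_timestamp

def skew_sensitive(orders, true_time: int, max_skew: int):
    """Ids of orders whose expiry result differs between the two ends of
    the window [true_time - max_skew, true_time + max_skew]."""
    flagged = []
    for o in orders:
        at_earliest = is_expired(true_time - max_skew, o)
        at_latest = is_expired(true_time + max_skew, o)
        if at_earliest != at_latest:
            flagged.append(o.order_id)
    return flagged

def block_deadline(start_block: int, duration_s: int, block_time_s: int) -> int:
    # Block-number form of a deadline: the duration converted at a fixed
    # assumed block time, rounded up.
    return start_block + -(-duration_s // block_time_s)

def block_deadline_drift(duration_s: int, block_time_s: int,
                         missed_fraction: float) -> float:
    """Seconds by which a block-number deadline overshoots the intended
    duration when a fraction of slots produce no block."""
    blocks = -(-duration_s // block_time_s)
    real_seconds = blocks * block_time_s / (1 - missed_fraction)
    return real_seconds - duration_s

# Constructed sample data (assumptions, not values from the contract).
NOW = 1_700_000_000
MAX_SKEW = 15            # assumed bound on timestamp skew, in seconds
THREE_DAYS = 3 * 86_400  # assumed order lifetime
ORDERS = [
    Order(1, NOW - 3_600),      # expired an hour ago
    Order(2, NOW + 10),         # expires in 10 seconds
    Order(3, NOW + THREE_DAYS), # expires in three days
    Order(4, NOW - 5),          # expired 5 seconds ago
]

if __name__ == "__main__":
    print("skew-sensitive orders:", skew_sensitive(ORDERS, NOW, MAX_SKEW))
    print("drift (s):", round(block_deadline_drift(THREE_DAYS, 12, 0.01), 2))
```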
