BriVault

First Flight #52
Beginner Friendly, Solidity
100 EXP
Submission Details
Impact: high
Likelihood: high
Invalid

`joinEvent` Function Timestamp Check Lacks Precision

Description

  • Users call the `joinEvent` function to join the guessing event, which is meant to be possible only while the event has not yet started.

  • However, the check for "the event has not yet started" is slightly off.

```solidity
function joinEvent(uint256 countryId) public {
    // ...Original code
@>  if (block.timestamp > eventStartDate) {
        revert eventStarted();
    }
    // ...Original code
}
```

  • In common programming paradigms, `block.timestamp == eventStartDate` is generally considered to mean "the event has started".

  • But the code here uses `block.timestamp > eventStartDate` to indicate "the event has started", which is obviously inaccurate.

Risk

Likelihood:

  • Guaranteed to occur in blocks where the timestamp is exactly equal to eventStartDate.

Impact:

  • Inconsistency with the event's publicly announced start time.

  • Users can participate immediately when the event starts on time, potentially enabling cheating (e.g., for a World Cup guess event where the winning team info comes from off-chain news, users could select the known result to participate).

  • Unfair to honest users who participate genuinely before the event starts.

  • The project team's credibility will face obvious doubts from users.

Proof of Concept

  • Add the following function to `test/BriVaultTest.t.sol` and run `forge test --mt test__joinEvent_inEventStartDateBlock -vv`:

```solidity
function test__joinEvent_inEventStartDateBlock() public {
    // User1 deposits all funds into the vault
    vm.startPrank(user1);
    mockToken.approve(address(briVault), 20 ether);
    briVault.deposit(20 ether, user1);
    vm.stopPrank();
    // Warp timestamp to the block where the event starts exactly
    vm.warp(eventStartDate + 0);
    // User1 selects the country team with index 10
    vm.prank(user1);
    briVault.joinEvent(10);
}
```

  • Console output:

```
Ran 1 test for test/briVault.t.sol:BriVaultTest
[PASS] test__joinEvent_inEventStartDateBlock() (gas: 282910)
Suite result: ok. 1 passed; 0 failed; 0 skipped; finished in 2.07ms (213.10µs CPU time)
```
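
The boundary this finding turns on, as an added example that is not part of the original submission or the BriVault code base: a self-contained Foundry test that compares the reported `>` check with a `>=` check before, exactly at, and after the start time. `StartGate`, `reportedCheck`, `pick` and the `START` value are constructed stand-ins; only `joinEvent`, `eventStartDate` and the `eventStarted` error name come from the page.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;
import {Test} from "forge-std/Test.sol";

// Constructed stand-in for the vault's start gate; only the comparison is modelled.
contract StartGate {
    error eventStarted();
    uint256 public immutable eventStartDate;
    bool public immutable reportedCheck; // true: `>` as reported, false: `>=`
    mapping(address => uint256) public pick;
    constructor(uint256 start, bool useReportedCheck) {
        eventStartDate = start;
        reportedCheck = useReportedCheck;
    }
    function joinEvent(uint256 countryId) external {
        bool started = reportedCheck
            ? block.timestamp > eventStartDate
            : block.timestamp >= eventStartDate;
        if (started) revert eventStarted();
        pick[msg.sender] = countryId;
    }
}

contract StartGateBoundaryTest is Test {
    uint256 constant START = 1_700_000_000; // constructed start time
    StartGate reported = new StartGate(START, true);
    StartGate mitigated = new StartGate(START, false);

    // Strictly before the start, both comparisons accept the join.
    function testFuzz_beforeStart(uint256 t) public {
        vm.warp(bound(t, 1, START - 1));
        reported.joinEvent(10);
        mitigated.joinEvent(10);
    }
    // The block stamped exactly START is the only place the two differ.
    function test_boundaryBlock() public {
        vm.warp(START);
        reported.joinEvent(10); // accepted, as in the submission's PoC
        vm.expectRevert(StartGate.eventStarted.selector);
        mitigated.joinEvent(10);
    }
    // Strictly after the start, both comparisons revert.
    function testFuzz_afterStart(uint256 t) public {
        vm.warp(bound(t, START + 1, uint256(type(uint64).max)));
        vm.expectRevert(StartGate.eventStarted.selector);
        reported.joinEvent(10);
        vm.expectRevert(StartGate.eventStarted.selector);
        mitigated.joinEvent(10);
    }
}
```

The two fuzz tests show that the variants agree everywhere except the single timestamp equal to `eventStartDate`, which is the whole scope of the finding.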

Recommended Mitigation

function joinEvent(uint256 countryId) public {
// ...Original code
- if (block.timestamp > eventStartDate) {
+ if (block.timestamp >= eventStartDate) {
revert eventStarted();
}
// ...Original code
}
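
Review bot: the `+` line makes `block.timestamp == eventStartDate` revert, but nothing accompanying the change pins that boundary. The proof-of-concept test on this page expects `joinEvent(10)` to succeed at exactly `eventStartDate`, so it should be inverted into a `vm.expectRevert` regression test, with a companion case one second earlier that still succeeds. Because the submission was judged a design choice, the function's documentation should also state whether the start timestamp is inclusive or exclusive, so the comparison operator is visibly intentional.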
Updates

Appeal created

bube Lead Judge 19 days ago
Submission Judgement Published
Invalidated
Reason: Design choice
