BriVault
First Flight #52
Beginner FriendlySolidity
100 EXP
View results
Previous Next
Submission Details
Impact: medium
Likelihood: high
Invalid

Incorrect Timestamp Boundary Check in setWinner()

objectplayer

Root + Impact

Timestamp check uses wrong operator, preventing valid execution at exact end time, which is the normal in case of automated transaction.

Description

  • The setWinner() function should be callable once the event has ended.

  • Uses <= instead of <, blocking execution at the exact eventEndDate timestamp.

function setWinner(uint256 countryIndex) public onlyOwner returns (string memory) {
if (block.timestamp <= eventEndDate) { // @> Should be <
revert eventNotEnded();
}
// ...
}

Risk

Likelihood:

  • Occurs when called exactly at eventEndDate

  • Common with automated systems

  • Causes unexpected revert

Impact:

  • Function reverts at valid time

  • Owner must wait for next block

  • Minor delay in prize distribution

  • Inconsistent with typical boundary logic

Proof of Concept

Let suppose event endtime is 1000 and once it is ended, an automated system or service like chainlink upkeep service trigger the setWinner transaction but due to the check the transaction will fail and reverted.

// eventEndDate = 1000
// block.timestamp = 1000 (event just ended)
owner.setWinner(0);
// Check: 1000 <= 1000? YES
// REVERT: eventNotEnded()
// Expected: Should succeed

Recommended Mitigation

Just updating the check from <= to < will solve the problem

function setWinner(uint256 countryIndex) public onlyOwner returns (string memory) {
- if (block.timestamp <= eventEndDate) {
+ if (block.timestamp < eventEndDate) {
revert eventNotEnded();
}
// ... rest of function
}
Updates

Appeal created

bube Lead Judge 21 days ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.

Give us feedback!