BriVault

First Flight #52
Beginner Friendly, Solidity
100 EXP
Submission Details
Impact: high
Likelihood: medium
Invalid

Missing Validation for `eventStartDate` and `eventEndDate` Leading to Invalid or Illogical Time Windows, Potentially Enabling MEV Exploitation

Description

The BriVault::constructor does not check that `_eventEndDate` is later than `_eventStartDate`, that `_eventStartDate` is not already in the past, or that the window between them is at least some minimum duration. Any pair of timestamps is accepted, so a swapped or mistyped argument at deployment yields an event window that is inverted, already closed, or too short to be usable, and the contract has no way to recover from it after deployment.

Without a minimum duration, participation becomes a race: a malicious MEV bot or block builder could front-run or reorder transactions in the mempool so that honest participants' actions (e.g., deposits or team selections) execute outside the intended window and revert, potentially preventing legitimate participation.

```solidity
constructor (IERC20 _asset, uint256 _participationFeeBsp, uint256 _eventStartDate, address _participationFeeAddress, uint256 _minimumAmount, uint256 _eventEndDate) ERC4626 (_asset) ERC20("BriTechLabs", "BTT") Ownable(msg.sender) {
    if (_participationFeeBsp > PARTICIPATIONFEEBSPMAX){
        revert limiteExceede();
    }
    participationFeeBsp = _participationFeeBsp;
@>  eventStartDate = _eventStartDate;
@>  eventEndDate = _eventEndDate;
    participationFeeAddress = _participationFeeAddress;
    minimumAmount = _minimumAmount;
    _setWinner = false;
}
```

Risk

Invalid timestamp combinations break the contract's time gating from the moment it is deployed. If `eventEndDate` is set before `eventStartDate`, or is already in the past, the lifecycle the functions assume (start, participation, end, settlement) never happens in that order: as the proof of concept shows, participation calls still succeed after `eventEndDate` has passed while `setWinner` reverts, so the event can neither run as intended nor be settled, and the only fix is redeploying the contract.

Proof of Concept

  1. Deploy BriVault with `eventStartDate` later than `eventEndDate` (an easy mistake, since the two arguments are not adjacent in the constructor signature).

  2. Advance time past `eventEndDate`; users are still able to `deposit`, `joinEvent`, and `cancelParticipation`.

  3. The owner cannot call `setWinner`, even though `eventEndDate` has passed, because `eventStartDate` has not yet been reached.

Place the following code in briVault.t.sol.

Proof Of Code

```solidity
function testEventStartLaterThanEventEnd() public {
    BriVault briVaultTimeTesting;
    // Inverted window: the event "ends" 28 days before it "starts".
    uint256 eventStartDateLate = block.timestamp + 30 days;
    uint256 eventEndDateEarly = block.timestamp + 2 days;

    // Deployment succeeds: the constructor accepts the inverted window.
    vm.startPrank(owner);
    briVaultTimeTesting = new BriVault(
        IERC20(address(mockToken)),
        participationFeeBsp,
        eventStartDateLate,
        participationFeeAddress,
        minimumAmount,
        eventEndDateEarly
    );
    briVaultTimeTesting.setCountry(countries);
    vm.stopPrank();

    // 3 days after deployment: later than eventEndDateEarly, earlier than eventStartDateLate.
    vm.warp(block.timestamp + 3 days);

    // Participation still works even though the event end date has passed.
    vm.startPrank(user1);
    mockToken.approve(address(briVaultTimeTesting), 10 ether);
    briVaultTimeTesting.deposit(5 ether, user1);
    briVaultTimeTesting.joinEvent(10);
    briVaultTimeTesting.cancelParticipation();
    vm.stopPrank();

    // The owner cannot settle: the end date has passed but the start date has not been reached.
    vm.startPrank(owner);
    vm.expectRevert();
    briVaultTimeTesting.setWinner(10);
    vm.stopPrank();
}
```

Recommended Mitigation

Introduce a minimum event duration (MINDURATION) and enforce it in the constructor by requiring that `_eventEndDate` is at least MINDURATION after `_eventStartDate`. Because the check is expressed as `_eventStartDate + MINDURATION`, it rejects an end date that is before or equal to the start date as well as a window that is merely too short.

```diff
+ error InvalidEventTime();
+ uint256 public constant MINDURATION = 1 weeks;
  constructor (IERC20 _asset, uint256 _participationFeeBsp, uint256 _eventStartDate,
      address _participationFeeAddress, uint256 _minimumAmount, uint256 _eventEndDate)
      ERC4626 (_asset) ERC20("BriTechLabs", "BTT") Ownable(msg.sender) {
      if (_participationFeeBsp > PARTICIPATIONFEEBSPMAX){
          revert limiteExceede();
      }
+     if (_eventEndDate < _eventStartDate + MINDURATION) {
+         revert InvalidEventTime();
+     }
      participationFeeBsp = _participationFeeBsp;
      eventStartDate = _eventStartDate;
      eventEndDate = _eventEndDate;
      participationFeeAddress = _participationFeeAddress;
      minimumAmount = _minimumAmount;
      _setWinner = false;
  }
```
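The following is an added example, not BriVault's code: a stand-alone contract (hypothetical name `TimeWindowedEvent`) that applies the window validation above, extended with a check that the start date is not already in the past, together with a Foundry test that exercises the three rejected configurations and the accepted one. It assumes a Foundry project with `forge-std` available at the usual import path; the timestamps are constructed values.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {Test} from "forge-std/Test.sol";

/// Hypothetical contract (not BriVault): validates its event window at deployment.
contract TimeWindowedEvent {
    uint256 public constant MIN_DURATION = 1 weeks;

    uint256 public immutable eventStartDate;
    uint256 public immutable eventEndDate;

    error InvalidEventTime(uint256 start, uint256 end);
    error EventNotOpen();
    error EventNotOver();

    constructor(uint256 _eventStartDate, uint256 _eventEndDate) {
        // Reject a start already in the past, and a window shorter than
        // MIN_DURATION; the second condition also rejects end <= start.
        if (_eventStartDate < block.timestamp || _eventEndDate < _eventStartDate + MIN_DURATION) {
            revert InvalidEventTime(_eventStartDate, _eventEndDate);
        }
        eventStartDate = _eventStartDate;
        eventEndDate = _eventEndDate;
    }

    /// Stand-in for joinEvent/deposit: allowed only inside [start, end).
    function join() external view {
        if (block.timestamp < eventStartDate || block.timestamp >= eventEndDate) revert EventNotOpen();
    }

    /// Stand-in for setWinner: allowed only once the window has closed.
    function settle() external view {
        if (block.timestamp < eventEndDate) revert EventNotOver();
    }
}

contract TimeWindowedEventTest is Test {
    uint256 constant START = 1_000_000; // constructed deployment timestamp

    function setUp() public {
        vm.warp(START);
    }

    function testRejectsEndBeforeStart() public {
        // The exact misconfiguration from the proof of concept above.
        vm.expectRevert(abi.encodeWithSelector(
            TimeWindowedEvent.InvalidEventTime.selector, START + 30 days, START + 2 days));
        new TimeWindowedEvent(START + 30 days, START + 2 days);
    }

    function testRejectsTooShortWindow() public {
        // 6-day window is shorter than MIN_DURATION (1 week).
        vm.expectRevert(abi.encodeWithSelector(
            TimeWindowedEvent.InvalidEventTime.selector, START + 1 days, START + 7 days));
        new TimeWindowedEvent(START + 1 days, START + 7 days);
    }

    function testRejectsStartInPast() public {
        vm.expectRevert(abi.encodeWithSelector(
            TimeWindowedEvent.InvalidEventTime.selector, START - 1, START + 30 days));
        new TimeWindowedEvent(START - 1, START + 30 days);
    }

    function testValidWindowGatesInOrder() public {
        TimeWindowedEvent e = new TimeWindowedEvent(START + 1 days, START + 8 days);

        vm.expectRevert(TimeWindowedEvent.EventNotOpen.selector);
        e.join();                 // before start: closed

        vm.warp(START + 1 days);
        e.join();                 // inside the window: open
        vm.expectRevert(TimeWindowedEvent.EventNotOver.selector);
        e.settle();               // cannot settle while still open

        vm.warp(START + 8 days);
        vm.expectRevert(TimeWindowedEvent.EventNotOpen.selector);
        e.join();                 // after end: closed again
        e.settle();               // settlement now allowed
    }
}
```

Run with `forge test --match-contract TimeWindowedEventTest`. The point of the last test is the invariant the inverted window in BriVault breaks: with a validated window there is no timestamp at which participation is open and settlement is also allowed, and no timestamp at which both are blocked forever.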
Updates

Appeal created

bube (Lead Judge), 21 days ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
Assigned finding tags: Missing Constructor Validation

This is owner action and the owner is assumed to be trusted and to provide correct input arguments.