`collectPresent` cannot be called before Christmas despite intended grace period
Description
The contract is intended to allow users to collect presents around Christmas, including a small grace period before the exact Christmas timestamp. As mentioned in the documentation, collecting presents within 24 hours before Christmas is considered acceptable behavior.
However, the current implementation only allows collectPresent to be called at or after the exact CHRISTMAS_2023_BLOCK_TIME. Any call made before this timestamp always reverts, even if it falls within the documented pre-Christmas grace period. This makes the time check stricter than intended and prevents valid users from collecting during the expected window.
Risk
Likelihood: High
Any user attempting to collect presents shortly before Christmas is affected.
This is a realistic and expected usage window based on the documented grace period.
Impact: Medium
Eligible users may be prevented from collecting their presents.
The contract behavior does not match the documented pre-Christmas collection window.
This breaks expected protocol behavior for valid users.
Proof of Concept
This test shows that even within a reasonable pre-Christmas window(24 hours before christmas), the call reverts due to the strict lower-bound check.
Recommended Mitigation
Update the lower-bound check so it matches the documentation, which explicitly allows users to collect presents within a small grace period before Christmas.
Rewards breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Judging
Submissions are being reviewed by our AI judge. Results will be available in a few minutes.
View all submissionsRewards Distribution
The contest is complete and the rewards are being distributed.