Santa's List
AI First Flight #3
Beginner FriendlyFoundry
EXP
View results
Previous Next
Submission Details
Impact: medium
Likelihood: high
Invalid

Hardcoded Past Timestamp — Christmas Gate Permanently Open

arush

[M-2] Hardcoded Past Timestamp — Christmas Gate Permanently Open

Description

  • CHRISTMAS_2023_BLOCK_TIME is set to a Unix timestamp in December 2023. Since this contract would be deployed any time after that date, block.timestamp < CHRISTMAS_2023_BLOCK_TIME is permanently false from deployment, meaning the Christmas time-lock does nothing.

uint256 public constant CHRISTMAS_2023_BLOCK_TIME = 1_703_480_381; // Dec 25, 2023
function collectPresent() external {
if (block.timestamp < CHRISTMAS_2023_BLOCK_TIME) { // @audit always false post-2023
revert SantasList__NotChristmasYet();
}
// ...
}

Risk

Likelihood:

  • any deployment after Dec 2023 makes this a no-op.

Impact:

  • The Christmas gate offers zero protection; presents can be collected immediately on deployment.

  • Intended seasonal game mechanic is permanently broken.

Recommended Mitigation

Accept the target timestamp as a constructor argument so it can be set appropriately at deployment time.

- uint256 public constant CHRISTMAS_2023_BLOCK_TIME = 1_703_480_381;
+ uint256 public immutable i_christmasTimestamp;
constructor(uint256 christmasTimestamp) ERC721("Merry Christmas 2023", "SANTA") {
+ i_christmasTimestamp = christmasTimestamp;
i_santa = msg.sender;
i_santaToken = new SantaToken(address(this));
}
function collectPresent() external {
- if (block.timestamp < CHRISTMAS_2023_BLOCK_TIME) revert SantasList__NotChristmasYet();
+ if (block.timestamp < i_christmasTimestamp) revert SantasList__NotChristmasYet();
Updates

Lead Judging Commences

ai-first-flight-judge Lead Judge about 2 hours ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.

Give us feedback!