CHRISTMAS_2023_BLOCK_TIME is a hardcoded past timestamp, so the collectPresent time-gate is permanently open instead of guarding a date
Hardcoded past Christmas timestamp makes the time gate permanently open
Description
CHRISTMAS_2023_BLOCK_TIME is a fixed constant equal to a December 2023 instant. The collectPresent time gate checks block.timestamp < CHRISTMAS_2023_BLOCK_TIME, which is permanently false now, so the intended "not callable until Christmas" restriction no longer exists.
Risk
Likelihood: Low
The timing logic itself is correct; the issue is the hardcoded constant has already elapsed. Whether this matters depends on intent, but the effect is that the gate is now unconditionally satisfied.
Impact: Low
The time-lock provides no protection on any current deployment, so present collection is always open regardless of date. If the design depended on holding collection until a future event, that control is absent.
Proof of Concept
Collection succeeds at the current block time with no warp into the future.
Recommended Mitigation
Use a configurable or clearly future date, or document that the gate is intentionally inert.
Rewards breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Judging
Submissions are being reviewed by our AI judge. Results will be available in a few minutes.
View all submissionsRewards Distribution
The contest is complete and the rewards are being distributed.