Handle
Czar102
Vulnerability details
Impact
Function `BasketFacet::getLock(...)` checks the lock based on the block number, so the duration of the lock depends on the average block time. Average block time is not maintained by the protocol and is subject to change. Furthermore, the Difficulty Bomb will definitely change the average block time.
Tools Used
Manual analysis
Recommended Mitigation Steps
This said, it is unsafe to measure time with `block.number`; it should be done with `block.timestamp`, which is accepted by most nodes if and only if it doesn't differ from the real time by more than 15 seconds.
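To make the difference concrete, the two contracts below show a block-number based lock next to a timestamp based lock. This is an added illustration, not the project's BasketFacet code: the contract names, storage variables and function signatures are assumptions constructed for the example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Illustrative only: not PieDAO's BasketFacet. Both contracts are constructed
// for this example; names, storage layout and signatures are assumptions.

// Lock expressed in blocks: the wall-clock duration is lockBlocks * averageBlockTime,
// and the protocol has no control over average block time.
contract BlockNumberLock {
    uint256 public lockBlock;

    // Intended as "lock for roughly lockBlocks * 13s" on mainnet, but if block
    // time drifts (e.g. under the Difficulty Bomb) the real duration drifts with it.
    function setLock(uint256 lockBlocks) external {
        lockBlock = block.number + lockBlocks;
    }

    function getLock() public view returns (bool) {
        return block.number < lockBlock;
    }
}

// Lock expressed in seconds: the duration does not depend on block production rate.
contract TimestampLock {
    uint256 public lockUntil;

    function setLock(uint256 lockSeconds) external {
        lockUntil = block.timestamp + lockSeconds;
    }

    function getLock() public view returns (bool) {
        // block.timestamp can be nudged by the block producer within the tolerance
        // nodes accept (the finding cites 15 seconds), so lock durations should be
        // well above that tolerance for the check to be meaningful.
        return block.timestamp < lockUntil;
    }
}
```

The timestamp variant states its intent (seconds) directly, whereas the block-number variant encodes an assumption about average block time that nothing in the contract enforces.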