Lines of code
https://github.com/code-423n4/2022-06-putty/blob/main/contracts/test/integration/Integration.t.sol#L36
https://github.com/code-423n4/2022-06-putty/blob/main/contracts/test/integration/Integration.t.sol#L96
Vulnerability details
Impact
In the case of block.timestamp, developers often attempt to use it to trigger time-dependent events. As Ethereum is decentralized, nodes can synchronize time only to some degree. Moreover, malicious miners can alter the timestamp of their blocks, especially if they can gain advantages by doing so.
Proof of Concept
References
Safety: Timestamp dependence
Ethereum Smart Contract Best Practices - Timestamp Dependence
How do Ethereum mining nodes maintain a time consistent with the network?
Solidity: Timestamp dependency, is it possible to do safely?
Avoid using block.number as a timestamp
Tools Used
Remix, Hardhat, Truffle
Recommended Mitigation Steps
Developers should write smart contracts with the notion that block values are not precise, and that relying on them can lead to unexpected effects. Alternatively, they may make use of oracles.
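The sketch below is an added example, not code from the audited repository. It shows two timestamp-dependent patterns next to a drift-tolerant form of the same deadline check. The contract, its function names and the 15-second tolerance are assumptions chosen for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.13;

/// Hypothetical contract for illustration only.
contract TimestampDependence {
    // Assumption: the block producer can shift block.timestamp by a few
    // seconds. 15 s is an illustrative margin; size it to the threat model.
    uint256 public constant DRIFT_TOLERANCE = 15;
    uint256 public constant MIN_DURATION = 1 hours;

    uint256 public immutable expiration;

    constructor(uint256 duration) {
        // Refuse windows so short that a few seconds of drift decide the outcome.
        require(duration >= MIN_DURATION, "duration too short");
        expiration = block.timestamp + duration;
    }

    // Weak: the low bits of the timestamp are chosen by the block producer,
    // so they must never stand in for randomness.
    function weakCoinFlip() external view returns (bool) {
        return block.timestamp % 2 == 0;
    }

    // Weak: an exact match can be hit or avoided at the producer's discretion,
    // and may never occur at all if no block carries that timestamp.
    function weakIsExactlyExpired() external view returns (bool) {
        return block.timestamp == expiration;
    }

    // Tolerant: the action is allowed only while the deadline is further away
    // than the assumed drift.
    function isOpen() public view returns (bool) {
        return block.timestamp + DRIFT_TOLERANCE < expiration;
    }

    // Tolerant: the opposite action is allowed only once the deadline has
    // passed by more than the assumed drift.
    function isClosed() public view returns (bool) {
        return block.timestamp >= expiration + DRIFT_TOLERANCE;
    }
}
```

Between isOpen() and isClosed() there is a short interval in which neither returns true, so a timestamp nudged by a few seconds cannot move a transaction from one side of the deadline to the other.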