code-423n4 / 2022-06-putty-findings


Block values as time proxies #359

Closed code423n4 closed 2 years ago

code423n4 commented 2 years ago

Lines of code

https://github.com/code-423n4/2022-06-putty/blob/main/contracts/test/integration/Integration.t.sol#L36
https://github.com/code-423n4/2022-06-putty/blob/main/contracts/test/integration/Integration.t.sol#L96

Vulnerability details

Impact

In the case of block.timestamp, developers often attempt to use it to trigger time-dependent events. As Ethereum is decentralized, nodes can synchronize time only to some degree. Moreover, malicious miners can alter the timestamp of their blocks, especially if they can gain advantages by doing so.

Proof of Concept

References

Safety: Timestamp dependence
Ethereum Smart Contract Best Practices - Timestamp Dependence
How do Ethereum mining nodes maintain a time consistent with the network?
Solidity: Timestamp dependency, is it possible to do safely?
Avoid using block.number as a timestamp

Tools Used

remix, hardhat, truffle

Recommended Mitigation Steps

Developers should write smart contracts with the notion that block values are not precise, and the use of them can lead to unexpected effects. Alternatively, they may make use of oracles.
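To make the concern concrete, here is an added illustration (not Putty's code and not part of the finding) showing the two fragile patterns the references describe, block height converted to seconds and exact-timestamp equality, next to a deadline check that tolerates the bounded skew a block producer can introduce. The constants AVG_BLOCK_TIME and MAX_PRODUCER_DRIFT are assumptions chosen for the example, not protocol or consensus values.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.13;

/// Illustrative contract (example only): one time-gated action written three ways.
contract TimeGateExample {
    // Assumption for the example: a rough average block interval. Real intervals vary
    // and changed with the merge, so any such constant is wrong over time.
    uint256 public constant AVG_BLOCK_TIME = 13;
    // Assumption for the example: the size of timestamp skew the logic is willing to
    // tolerate from a block producer. Pick it from your own threat model.
    uint256 public constant MAX_PRODUCER_DRIFT = 15 seconds;

    uint256 public immutable deadline;        // unix timestamp
    uint256 public immutable deploymentBlock; // block height at deployment
    uint256 public immutable lifetime;        // seconds

    constructor(uint256 _lifetime) {
        lifetime = _lifetime;
        deadline = block.timestamp + _lifetime;
        deploymentBlock = block.number;
    }

    // Fragile: derives elapsed seconds from block height with an assumed block time.
    // The result drifts unpredictably as the real block interval changes.
    function expiredByBlockNumber() external view returns (bool) {
        return (block.number - deploymentBlock) * AVG_BLOCK_TIME >= lifetime;
    }

    // Fragile: exact equality is almost never true, and whether it is true at all is
    // entirely up to whoever sets the block's timestamp.
    function isExactlyAtDeadline() external view returns (bool) {
        return block.timestamp == deadline;
    }

    // Acceptable for coarse deadlines: a >= comparison where shifting the outcome by a
    // few seconds does not matter to the business logic.
    function expired() public view returns (bool) {
        return block.timestamp >= deadline;
    }

    // Conservative variant: only act once the deadline is past by more than a producer
    // could plausibly have nudged the timestamp, so the skew cannot open the gate early.
    function expiredBeyondDrift() external view returns (bool) {
        return block.timestamp >= deadline + MAX_PRODUCER_DRIFT;
    }
}
```

None of these variants is suitable where seconds of skew change a payout (for example as an entropy source); that is the case where the mitigation above points to an oracle instead.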

GalloDaSballo commented 2 years ago

Finding seems copy-pasted from an automation tool

outdoteth commented 2 years ago

No exploit is given here

HickupHH3 commented 2 years ago

Also, test contracts, OOS