Closed code423n4 closed 1 year ago
trust1995 marked the issue as duplicate of #728
trust1995 marked the issue as satisfactory
@trust1995 Ser,
This is a different issue and does not seems to be a duplicate of #728. It is recommending on the use of block.timestamp and does not point out block period issue.
Please have a look.
Thank you!
trust1995 marked the issue as not a duplicate
trust1995 marked the issue as primary issue
trust1995 marked the issue as duplicate of #417
This finding group contains two types of findings:
I believe these are similar enough to be looked at as same underlying issue (block time assumptions affect voting period).
Lines of code
https://github.com/code-423n4/2023-05-maia/blob/main/src/governance/GovernorBravoDelegateMaia.sol#L18-L27
Vulnerability details
Impact
Note: The sponsor message on which networks project will be deployed.
Vote period/delay will not work correctly on L2s due to the use of
block.number
, which may not give holders enough time to delegate or cast before the voting delay or period ends.Proof of Concept
Each of these values represent a specific period in ethereum blocks (.i.e 12s), but all of this values will not give the holders enough time when deploying on L2s due to .
Here is a simple comparison of block times across different networks:
Tools Used
Manual Review
Recommended Mitigation Steps
We recommend using
block.timestamp
instead ofblock.number
.Assessed type
Timing