Picodes
commented
1 year ago Combining both issues by the warden and you get why there is actually no issue
Closed code423n4 closed 1 year ago
Picodes
commented
1 year ago Combining both issues by the warden and you get why there is actually no issue
Picodes
commented
1 year ago 86400 / 12 = 7200
c4-judge
commented
1 year ago Picodes marked the issue as unsatisfactory: Invalid
Lines of code
https://github.com/code-423n4/2023-06-stader/blob/7566b5a35f32ebd55d3578b8bd05c038feb7d9cc/contracts/StaderOracle.sol#L26 https://github.com/code-423n4/2023-06-stader/blob/7566b5a35f32ebd55d3578b8bd05c038feb7d9cc/contracts/Auction.sol#L22
Vulnerability details
Impact
Detailed description of the impact of this finding. In solidity, block.timestamp makes use of seconds in calculating time but in the highlighted codes, the stated period and their comments was miscalculated. 7200 was referred to as 24 hours and was used multiple times in the code base whereas in 24 hours we have 86400 seconds This is a critical bug because it can lead to miscalculation of finances, DOS attacks and unintended smart contracts behaviors.
Proof of Concept
Provide direct links to all referenced code in GitHub. Add screenshots, logs, or any other relevant proof that illustrates the concept.
But 24 hours == 24 60 60 == 86400
Tools Used
Manual review
Recommended Mitigation Steps
All time and date variables in the code base should be rechecked, corrected and cross-checked critically.
Assessed type
Math