Detailed description of the impact of this finding.
In solidity, block.timestamp makes use of seconds in calculating time but in the highlighted codes, the stated period and their comments was miscalculated.
7200 was referred to as 24 hours and was used multiple times in the code base whereas in 24 hours we have 86400 seconds
This is a critical bug because it can lead to miscalculation of finances, DOS attacks and unintended smart contracts behaviors.
Proof of Concept
Provide direct links to all referenced code in GitHub. Add screenshots, logs, or any other relevant proof that illustrates the concept.
uint256 public constant MIN_AUCTION_DURATION = 7200; // 24 hours
But 24 hours == 24 60 60 == 86400
Tools Used
Manual review
Recommended Mitigation Steps
All time and date variables in the code base should be rechecked, corrected and cross-checked critically.
Lines of code
https://github.com/code-423n4/2023-06-stader/blob/7566b5a35f32ebd55d3578b8bd05c038feb7d9cc/contracts/StaderOracle.sol#L26 https://github.com/code-423n4/2023-06-stader/blob/7566b5a35f32ebd55d3578b8bd05c038feb7d9cc/contracts/Auction.sol#L22
Vulnerability details
Impact
Detailed description of the impact of this finding. In solidity, block.timestamp makes use of seconds in calculating time but in the highlighted codes, the stated period and their comments was miscalculated. 7200 was referred to as 24 hours and was used multiple times in the code base whereas in 24 hours we have 86400 seconds This is a critical bug because it can lead to miscalculation of finances, DOS attacks and unintended smart contracts behaviors.
Proof of Concept
Provide direct links to all referenced code in GitHub. Add screenshots, logs, or any other relevant proof that illustrates the concept.
But 24 hours == 24 60 60 == 86400
Tools Used
Manual review
Recommended Mitigation Steps
All time and date variables in the code base should be rechecked, corrected and cross-checked critically.
Assessed type
Math