Lines of code
https://github.com/GenerationSoftware/pt-v5-claimer/blob/57a381aef690a27c9198f4340747155a71cae753/src/libraries/LinearVRGDALib.sol#L39-L46 https://github.com/GenerationSoftware/pt-v5-claimer/blob/57a381aef690a27c9198f4340747155a71cae753/src/Claimer.sol#L141
Vulnerability details
Impact
An attacker can adjust the timestamp to artificially influence the _timeSinceStart value to purchase tokens at a very low price.
Proof of Concept
https://github.com/GenerationSoftware/pt-v5-claimer/blob/57a381aef690a27c9198f4340747155a71cae753/src/libraries/LinearVRGDALib.sol#L39-L46
https://github.com/GenerationSoftware/pt-v5-claimer/blob/57a381aef690a27c9198f4340747155a71cae753/src/Claimer.sol#L141
The getVRGDAPrice() function in the LinearVRGDALib library contains a timestamp dependency vulnerability. This vulnerability arises from the reliance on the current timestamp to calculate the _timeSinceStart parameter used in the token price calculation according to the VRGDA formula. The price of a token depends on the time since the auction began.
Tools Used
Manual analysis
Recommended Mitigation Steps
Use a secure time source such as external oracles for calculating the _timeSinceStart parameter
Assessed type
Timing
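
To put numbers on how strongly the price depends on _timeSinceStart, the sketch below (an added example, not code from the report or from LinearVRGDALib) models the price in the commonly published exponential VRGDA form and bounds the price error caused by a given clock error. The formula, the helper names and all parameter values are assumptions chosen for illustration.

```python
import math

def vrgda_price(target_price, time_since_start, sold, per_time_unit, decay_constant):
    """Exponential VRGDA form (assumed): the price scales by
    exp(decay_constant * dt) for every dt seconds the sale runs ahead of
    or behind its linear schedule."""
    schedule_time = (sold + 1) / per_time_unit  # when unit number sold+1 is due
    return target_price * math.exp(decay_constant * (time_since_start - schedule_time))

def price_band(target_price, time_since_start, sold, per_time_unit,
               decay_constant, max_skew):
    """Prices at t - max_skew, t and t + max_skew: the range a clock error
    of at most max_skew seconds can produce. Time is clamped at zero
    because _timeSinceStart is unsigned."""
    return tuple(
        vrgda_price(target_price, max(time_since_start + d, 0), sold,
                    per_time_unit, decay_constant)
        for d in (-max_skew, 0, max_skew)
    )

def max_relative_error(decay_constant, max_skew):
    """Worst-case fractional price change for a clock error of max_skew seconds."""
    return math.exp(abs(decay_constant) * max_skew) - 1

def skew_tolerance(decay_constant, max_price_error):
    """Largest clock error (seconds) that keeps the price within
    max_price_error (0.01 = 1%) of its true value."""
    return math.log(1 + max_price_error) / abs(decay_constant)

# Constructed parameters, not taken from any Claimer deployment.
TARGET = 1_000_000      # target price in smallest token units
PER_SECOND = 1 / 60     # one unit scheduled per minute
DECAY = 0.001           # exponent coefficient per second

if __name__ == "__main__":
    low, mid, high = price_band(TARGET, 600, 9, PER_SECOND, DECAY, max_skew=15)
    print(f"price at t=600s: {mid:.0f}, band for +/-15s: {low:.0f}..{high:.0f}")
    print(f"worst-case error for 15s of skew: {max_relative_error(DECAY, 15):.2%}")
    print(f"skew tolerated for a 1% price error: {skew_tolerance(DECAY, 0.01):.2f}s")
```

The same two bounds can be evaluated with a deployment's real decay constant to decide whether the achievable timestamp deviation on the target chain is material before adding an external time source.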