Time Manipulation Vulnerability in FlatcoinVault Contract
Summary
The FlatcoinVault contract relies on block.timestamp for critical functionality related to funding rate calculations. This introduces a vulnerability to miner timestamp manipulation that could allow attackers to exploit the contract for profit.
Vulnerability Detail
The vulnerability arises from the use of block.timestamp in functions like:
cheatcode
medium
Time Manipulation Vulnerability in FlatcoinVault Contract
Summary
The
FlatcoinVault
contract relies onblock.timestamp
for critical functionality related to funding rate calculations. This introduces a vulnerability to miner timestamp manipulation that could allow attackers to exploit the contract for profit.Vulnerability Detail
The vulnerability arises from the use of
block.timestamp
in functions like:And reliance on it for funding rate calculations:
Impact
Manipulate funding rate calculations to their advantage
Code Snippet
https://github.com/sherlock-audit/2023-12-flatmoney/blob/main/flatcoin-v1/src/FlatcoinVault.sol#L224
Tool used
Manual Review
Recommendation
Use block number instead of timestamp for interval measurements