santipu03
commented
5 months ago There have been no miners in the Ethereum network since September 15th, 2022.
Closed sherlock-admin4 closed 5 months ago
santipu03
commented
5 months ago There have been no miners in the Ethereum network since September 15th, 2022.
Im_th3AK
medium
Block TimestampDependence in Interest Calculation FunctionsSummary
The contract's interest rate calculation functions, such as
fixedRate, rely on the block timestamp (block.timestamp), which can be slightly manipulated by miners. This could potentially affect the accuracy of interest calculations.Vulnerability Detail
The Ethereum block timestamp can be influenced by miners within certain limits (approximately +/- 15 seconds). Contracts that use timestamps for logic related to time-sensitive operations may therefore have vulnerabilities if this manipulation affects contract outcomes.
Impact
If a miner manipulates the timestamp, it could lead to incorrect interest rate calculations or enable timing-based exploits. The impact is likely low-medium since there are natural limitations on how much miners can manipulate timestamps and because economic incentives generally discourage extreme manipulation.
Code Snippet
https://github.com/sherlock-audit/2024-04-interest-rate-model/blob/main/protocol/contracts/InterestRateModel.sol#L121-L122
Tool used
Recommendation
contract InterestRateModel { ITimeOracle public immutable timeOracle;
function fixedRate(uint256 maturity / other params /) public view returns (uint256) { uint256 currentTime = timeOracle.getCurrentTime(); v.maturityFactor = (maturity - currentTime).divWadDown( // ... rest of code ... );
} }