Closed sherlock-admin2 closed 4 months ago
2 comment(s) were left on this issue during the judging contest.
z3s commented:
Invalid; Design decisions are not valid issues. Even if the design is suboptimal, but doesn't imply any loss of funds, these issues are considered informational.
zraxx commented:
[invalid] The deadline is set here to ensure that it can be executed
NoOne
medium
Using block.timestamp for deadline offers no protection
Summary
In function _stake and function _requestWithdrawal
Noticed that the
deadline
is set toblock.timestamp + 1
for bothVulnerability Detail
Impact
Since there is a deadline, if the transaction is too late, it will reverse
Code Snippet
function _stake function _requestWithdrawal
Tool used
Manual Review
Recommendation
Тhere must be a number entered by the user instead
block.timestamp