Lines of code
<https://github.com/code-423n4/2023-06-stader/blob/7566b5a35f32ebd55d3578b8bd05c038feb7d9cc/contracts/Auction.sol#L22>
Detailed description of the impact of this finding.
In solidity, block.timestamp makes use of seconds in calculating time but in the highlighted codes, the stated period and their comments was miscalculated.
7200 was referred to as 24 hours and was used multiple times in the code base whereas in 24 hours we have 86400 seconds
This is a critical bug because it can lead to miscalculation of finances, DOS attacks and unintended smart contracts behaviors.
Provide direct links to all referenced code in GitHub. Add screenshots, logs, or any other relevant proof that illustrates the concept.
uint256 public constant MIN_AUCTION_DURATION = 7200; // 24 hours
But 24 hours == 24 * 60 * 60 == 86400
Manual review
All time and date variables in the code base should be rechecked, corrected and cross-checked critically.
Math
The text was updated successfully, but these errors were encountered:
All reactions