Lines of code
<https://github.com/code-423n4/2023-06-stader/blob/7566b5a35f32ebd55d3578b8bd05c038feb7d9cc/contracts/Auction.sol#L22&gt;

Vulnerability details

Impact

Detailed description of the impact of this finding.
In solidity, block.timestamp makes use of seconds in calculating time but in the highlighted codes, the stated period and their comments was miscalculated.
7200 was referred to as 24 hours and was used multiple times in the code base whereas in 24 hours we have 86400 seconds
This is a critical bug because it can lead to miscalculation of finances, DOS attacks and unintended smart contracts behaviors.

Proof of Concept

Provide direct links to all referenced code in GitHub. Add screenshots, logs, or any other relevant proof that illustrates the concept.

uint256 public constant MIN_AUCTION_DURATION = 7200; // 24 hours

But 24 hours == 24 * 60 * 60 == 86400

Tools Used

Manual review

Recommended Mitigation Steps

All time and date variables in the code base should be rechecked, corrected and cross-checked critically.

Assessed type

Math

The text was updated successfully, but these errors were encountered:

All reactions