Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
code423n4Code4renaCODE423N4:2023-07-POOLTOGETHER-FINDINGS-ISSUES-450
HistoryJul 14, 2023 - 12:00 a.m.

_getNextObservationIndex() Random use of timestamp to determine the currentTime can be manipulated bacause of dangerous strict equalities

2023-07-1400:00:00
Code4rena
github.com
7
code vulnerabilities
timestamp manipulation
time validation
external consensus mechanisms
gas limit dependency
JSON

Lines of code
<https://github.com/GenerationSoftware/pt-v5-twab-controller/blob/0145eeac23301ee5338c659422dd6d69234f5d50/src/libraries/TwabLib.sol#L381&gt;
<https://github.com/GenerationSoftware/pt-v5-twab-controller/blob/0145eeac23301ee5338c659422dd6d69234f5d50/src/libraries/TwabLib.sol#L529&gt;

Vulnerability details

Impact

The use of strict equalities can be easily manipulated by an attacker.
Miners may attempt to manipulate the timestamp.

Proof of Concept

File: TwabLib.sol
Code Link: <https://github.com/GenerationSoftware/pt-v5-twab-controller/blob/0145eeac23301ee5338c659422dd6d69234f5d50/src/libraries/TwabLib.sol#L367&gt;
Code:
if (newestObservation.timestamp == currentTime) {

File: TwabLib.sol
Code Link: <https://github.com/GenerationSoftware/pt-v5-twab-controller/blob/0145eeac23301ee5338c659422dd6d69234f5d50/src/libraries/TwabLib.sol#L381&gt;
Code:
if (currentPeriod == 0 || currentPeriod > newestObservationPeriod) {

File: TwabLib.sol
Code Link: <https://github.com/GenerationSoftware/pt-v5-twab-controller/blob/0145eeac23301ee5338c659422dd6d69234f5d50/src/libraries/TwabLib.sol#L529&gt;
Code:
if (afterOrAtObservation.timestamp == _targetTime) {

Tools Used

Manual Review

Recommended Mitigation Steps

Don’t use strict equality to determine the timestamp currenttime. instead, use Multiple Time Sources not relying solely on block.timestamp, consider using multiple time sources or external oracles to obtain a more reliable and tamper-resistant timestamp.
Try to Implement time window validation to account for slight variations in the timestamp. Instead of strict equality checks, consider using ranges or thresholds to accommodate small discrepancies in the timestamps.
Also, leverage external consensus mechanisms, such as timestamping services or decentralized timestamping protocols, to obtain timestamps that are more resistant to manipulation by individual miners.
Finally, make the contract’s behavior dependent on the gas limit instead of the timestamp. Since miners cannot directly manipulate the gas limit, this can provide a more reliable measure for time-dependent operations.

Assessed type

Timing

The text was updated successfully, but these errors were encountered:

All reactions

JSON