16 matches found
GO-2026-4361 Inconsistencies between how commit signatures are verified and how block time is derived in github.com/cometbft/cometbft
Inconsistencies between how commit signatures are verified and how block time is derived in github.com/cometbft/cometbft...
Incorrect Provision of Specified Functionality
Overview Affected versions of this package are vulnerable to Incorrect Provision of Specified Functionality due to inconsistencies between the verification of commit signatures and the derivation of block time. An attacker can disrupt consensus guarantees and manipulate block timestamps by...
GHSA-C32P-WCQJ-J677 CometBFT has inconsistencies between how commit signatures are verified and how block time is derived
CSA-2026-001: Tachyon Description Name: CSA-2026-001: Tachyon Criticality: Critical Catastrophic Impact; Possible Likelihood per ACMv1.2 Affected versions: All versions of CometBFT Affected users: Validators and protocols relying on block timestamps Description A consensus-level vulnerability was...
Incorrect Provision of Specified Functionality
Overview Affected versions of this package are vulnerable to Incorrect Provision of Specified Functionality due to inconsistencies between the verification of commit signatures and the derivation of block time. An attacker can disrupt consensus guarantees and manipulate block timestamps by...
EUVD-2026-4323
CometBFT has inconsistencies between how commit signatures are verified and how block time is derived...
CometBFT has inconsistencies between how commit signatures are verified and how block time is derived
CSA-2026-001: Tachyon Description Name: CSA-2026-001: Tachyon Criticality: Critical Catastrophic Impact; Possible Likelihood per ACMv1.2 Affected versions: All versions of CometBFT Affected users: Validators and protocols relying on block timestamps Description A consensus-level vulnerability was...
Voting Delay set to 1 block, would not allow users enough time to buy tokens, or delegate their votes before the voting starts
Lines of code Vulnerability details Impact Detailed description of the impact of this finding. With a voting delay set to 1 block, users would not have enough time to buy tokens, or delegate their votes. Proof of Concept Provide direct links to all referenced code in GitHub. Add screenshots, logs...
Shortfall.sol#initialize's waitForFirstBidder and nextBidderBlockLimit too short
Lines of code Vulnerability details Impact File: Shortfall.sol 147 waitForFirstBidder = 100; 148 nextBidderBlockLimit = 10; Binance Smart Chain has a block time of around 3 seconds. This could lead to an attacker blocking other bids to bid for the token at a low price. Proof of Concept Tools Used...
Imprecise block calculation
Lines of code Vulnerability details Vulnerability details Impact @dev Roughly equivalent to the number of blocks in 7 days. @dev Roughly equivalent to the number of blocks in 90 days. @dev Roughly equivalent to the number of blocks in 10 days. As described in the NatSpec comment above these are...
MAX_WITHDRAWAL_DELAY_BLOCKS assumes that block time is always 12 seconds
Lines of code Vulnerability details Impact Block time may change in the future which may affect the protocol's withdrawal functionality. Proof of Concept StrategyManagerStorage.sol assumes a 12-second blocks timing. If the block time changes in the future the MAXWITHDRAWALDELAYBLOCKS of one week...
votes[to] mapping anchor time not adjusted correctly in Equity.adjustRecipientVoteAnchor() can lead to unexpected results
Lines of code Vulnerability details H-01 votesto mapping anchor time not adjusted correctly in Equity.adjustRecipientVoteAnchor can lead to unexpected results Proof of Concept Equity.solL161 function adjustRecipientVoteAnchoraddress to, uint256 amount internal returns uint256 if to != address0x0...
Oracle will become invalid much faster than intended on non-mainnet chains
Lines of code Vulnerability details Description NFTFloorOracle is in charge of answering price queries for ERC721 assets. EXPIRATIONPERIOD constant is the max amount of blocks allowed to have passed for the reading to be considered up to date: uint256 diffBlock = currentBlock - priceInfo.updatedA...
Wrong assumption of block time might cause wrong value of votingDelay, votingPeriod
Lines of code Vulnerability details Impact In NounsDAOLogic, there are some constants in the system are estimated with an assumption that block time is 15 second. These constants are used to check value of votingPeriod and votingDelay. Actually, the merge is near and after the merge blocks come...
Issue with TWAV calculation.
Lines of code Vulnerability details Impact To calculate time weighted average value, current valuation is used. This is not appropriate way to decide the TWAV while other locations considers only time. This might not be the stable one. Proof of Concept uint256 currentValuation =...
GSD-2022-1001452 drm/i915: Treat SAGV block time 0 as SAGV disabled
drm/i915: Treat SAGV block time 0 as SAGV disabled This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.16.19 by commit...
Lock time is dependent on the average block time
Handle Czar102 Vulnerability details Impact Function BasketFacet::getLock... checks the lock based on the block number, so the time of the lock is dependent on average block time. Average block time doesn't have to be maintained by the protocol and is a subject to changes. Furthermore, the...