17 matches found
Dangerous use of deadline parameter
Lines of code Vulnerability details Summary The protocol is using block.timestamp as the deadline argument while interacting with the Uniswap NFT Position Manager, which completely defeats the purpose of using a deadline. Impact Actions in the Uniswap NonfungiblePositionManager contract are...
Using block.timestamp as the deadline/expiry invites MEV
Lines of code 307 Vulnerability details Passing block.timestamp as the expiry/deadline of an operation does not mean "require immediate execution" - it means "whatever block this transaction appears in, I'm comfortable with that block's timestamp". Providing this value means that a malicious mine...
Using block.timestamp as the deadline/expiry invites MEV
Lines of code 307 Vulnerability details Passing block.timestamp as the expiry/deadline of an operation does not mean "require immediate execution" - it means "whatever block this transaction appears in, I'm comfortable with that block's timestamp". Providing this value means that a malicious mine...
Using block.timestamp as the deadline/expiry invites MEV
Lines of code 307 Vulnerability details Passing block.timestamp as the expiry/deadline of an operation does not mean "require immediate execution" - it means "whatever block this transaction appears in, I'm comfortable with that block's timestamp". Providing this value means that a malicious mine...
Using block.timestamp as the deadline/expiry invites MEV
Lines of code 307 Vulnerability details Passing block.timestamp as the expiry/deadline of an operation does not mean "require immediate execution" - it means "whatever block this transaction appears in, I'm comfortable with that block's timestamp". Providing this value means that a malicious mine...
Using block.timestamp as the deadline/expiry invites MEV
Lines of code 307 Vulnerability details Impact Passing block.timestamp as the expiry/deadline of an operation does not mean "require immediate execution" - it means "whatever block this transaction appears in, I'm comfortable with that block's timestamp". Providing this value means that a malicio...
The code uses block.timestamp for calculating the duration of the curve evolution which can be manipulated by miners
Lines of code L72 Vulnerability details Impact block.timestamp is used to set the initial time tinit and the final time tfinal for the curve's evolution - the duration over which these prices change tinit, tfinal. The potential issue here is that block.timestamp can be manipulated by miners to a...
Time Manipulation attack on reliance on block.timestamp for time-sensitive operations.
Lines of code Vulnerability details Impact The block.timestamp allows a miner to call the mint function before the intended starting time mintingAllowedAfter which could lead to time manipulation. Contract name: ArcadeToken.sol Code link: Code line: function mint(address to, uint256 amount) externa...
Auction DOS
Lines of code Vulnerability details Impact All auction functions are under a potential DOS or exploitability vulnerability. A 2 day duration is added to the current block.number when creating a lot. This introduces a critical flaw, Adding 2 86400correct value of 2 days / 27200wrong value used in...
Expiration Time Not Checked in moveStakedLiquidity Function
Lines of code Vulnerability details Impact Liquidity moves are time-sensitive operations and the duration within which they are executed is crucial. If a user sets the expiry time to 0, it means that there is no expiration time set for the liquidity move. This can potentially allow the liquidity...
Use of block.timestamp
Lines of code Vulnerability details Impact Block timestamps have a purpose for a variety of applications, such as entropy for random numbers (see the Entropy Illusion for further details), locking funds for periods of time, and various state-changing conditional statements that are time-dependent...
Validator/miner can set Block timestamp to a draw scheduled date and buy winning ticket if drawCoolDownPeriod is set to zero
Lines of code Vulnerability details Impact Validators/Miners would always be able to get the Jackpot prize, compromising the protocol. Proof of Concept The following foundry test illustrates this behaviour. Essentially, if the cooldown period time before a draw during which it is not possible to...
_locateCurrentAmount function, there is an unchecked block which skips underflow checks as startTime <= block.timestamp < endTime
Lines of code Vulnerability details Impact In the _locateCurrentAmount function, there is an unchecked block which skips underflow checks as startTime <= block.timestamp < endTime, but if the condition is not upheld, the duration, elapsed, and remaining variables will underflow and can cause unexpect...
block.timestamp used as time proxy
Lines of code Vulnerability details block.timestamp used as time proxy Summary: Risk of using block.timestamp for time should be considered. Details: block.timestamp is not an ideal proxy for time because of issues with synchronization, miner manipulation and changing block times. This kind of...
block.timestamp used as time proxy
Lines of code Vulnerability details block.timestamp used as time proxy Impact a. Summary: Risk of using block.timestamp for time should be considered. b. Details: block.timestamp is not an ideal proxy for time because of issues with synchronization, miner manipulation and changing block times. In...
Missing validations in setter and setPhaseTimes() functions.
Lines of code Vulnerability details Impact Time variable validations daStartTime, mintlistStartTime, publicStartTime, claimsStartTime, selfRefundsStartTime are only done in setPhaseTimes and not even all validations. These validations should be performed: daStartTime block.timestamp...
Insecure randomness in getPseudoRand(uint256 modulus){} function
Handle JMukesh Vulnerability details Impact insecure randomness due to a modulo on block.timestamp, now or blockhash. These can be influenced by miners to some extent so they should be avoided Proof of Concept Tools Used slither Recommended Mitigation Steps use chainlink vrf