Platform: Code4rena
Start Date: 16/09/2021
Pot Size: $50,000 USDC
Total HM: 26
Participants: 30
Period: 7 days
Judge: GalloDaSballo
Total Solo HM: 17
Id: 36
League: ETH
Rank: 23/30
Findings: 1
Award: $333.98
🌟 Selected for report: 1
🚀 Solo Findings: 0
🌟 Selected for report: aga7hokakological
333.9773 USDC - $333.98
aga7hokakological
Timestamp of the block can be manipulated by the miner, which can cause a change in the fees.
uint256 timeDiff = (block.timestamp - lastFee);
In this line, if the lastFee variable is known, then a miner with more computation can manipulate the timestamp, which can make the difference equal to 0, which might result in the variable fee being 0.
Manual Analysis
Don't use block.timestamp directly in contract.
#0 - GalloDaSballo
2021-12-19T22:12:57Z
This finding would be valid if fees were related to time, but the reality is that fees are just streamed / unlocked over time. So skipping up to 15 seconds has literally no impact.
Will downgrade to low as the finding is factually correct, but there are no funds at risk.
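The streaming behaviour the judge describes, as an added Python model that is not code from the finding or from the audited contract. It assumes fees unlock linearly at a hypothetical RATE_PER_SECOND per second of timeDiff and that every collection moves lastFee to the block timestamp; the timestamps are constructed.

```python
# Added model, not the audited contract: linear fee streaming keyed on
# timeDiff = block.timestamp - lastFee.
# RATE_PER_SECOND and all timestamps below are constructed for illustration.

RATE_PER_SECOND = 1000  # hypothetical fee units unlocked per second


class FeeStream:
    def __init__(self, start_ts):
        self.last_fee = start_ts
        self.collected = 0

    def handle_fees(self, block_timestamp):
        """Unlock fees for the elapsed time, then move lastFee forward."""
        if block_timestamp < self.last_fee:
            raise ValueError("timestamp earlier than lastFee")
        time_diff = block_timestamp - self.last_fee
        fee = time_diff * RATE_PER_SECOND  # 0 when time_diff == 0
        self.collected += fee
        self.last_fee = block_timestamp
        return fee


def total_collected(start_ts, timestamps):
    """Total unlocked after calling handle_fees at each timestamp in order."""
    stream = FeeStream(start_ts)
    for ts in timestamps:
        stream.handle_fees(ts)
    return stream.collected


def max_deferred(skew_seconds):
    """Largest amount a timestamp skew can push from one call to the next."""
    return skew_seconds * RATE_PER_SECOND


START = 1_000_000
HONEST = [START + 60, START + 120, START + 180]
# Constructed: the middle block's timestamp is pulled back by 15 seconds.
SKEWED = [START + 60, START + 105, START + 180]

if __name__ == "__main__":
    print("honest total:", total_collected(START, HONEST))
    print("skewed total:", total_collected(START, SKEWED))
    print("most a 15 s skew can defer:", max_deferred(15))
```

In this model a timeDiff of 0 yields a fee of 0 for that call only: lastFee stays at the same timestamp, so the next call unlocks the skipped interval.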