036.md

moneyversed

medium

Insecure use of block.timestamp

Summary

Loan due dates are set from block.timestamp, which miners can manipulate, leading to potential inaccuracies in the loan terms.

Vulnerability Detail

The Teller Protocol V2 relies on block.timestamp to set loan due dates. However, block.timestamp can be manipulated by miners to a certain extent, potentially resulting in inaccuracies in the loan terms.

Impact

Inaccurate loan terms due to manipulated block.timestamp values could negatively affect the fairness and integrity of the platform.

Code Snippet

https://github.com/sherlock-audit/2023-03-teller/blob/main/teller-protocol-v2/packages/contracts/contracts/TellerV2.sol#L368

https://github.com/sherlock-audit/2023-03-teller/blob/main/teller-protocol-v2/packages/contracts/contracts/TellerV2.sol#L500

https://github.com/sherlock-audit/2023-03-teller/blob/main/teller-protocol-v2/packages/contracts/contracts/TellerV2.sol#L501

https://github.com/sherlock-audit/2023-03-teller/blob/main/teller-protocol-v2/packages/contracts/contracts/TellerV2.sol#L590

https://github.com/sherlock-audit/2023-03-teller/blob/main/teller-protocol-v2/packages/contracts/contracts/TellerV2.sol#L612

https://github.com/sherlock-audit/2023-03-teller/blob/main/teller-protocol-v2/packages/contracts/contracts/TellerV2.sol#L639

https://github.com/sherlock-audit/2023-03-teller/blob/main/teller-protocol-v2/packages/contracts/contracts/TellerV2.sol#L687

https://github.com/sherlock-audit/2023-03-teller/blob/main/teller-protocol-v2/packages/contracts/contracts/TellerV2.sol#L756

https://github.com/sherlock-audit/2023-03-teller/blob/main/teller-protocol-v2/packages/contracts/contracts/TellerV2.sol#L778

https://github.com/sherlock-audit/2023-03-teller/blob/main/teller-protocol-v2/packages/contracts/contracts/TellerV2.sol#L821

https://github.com/sherlock-audit/2023-03-teller/blob/main/teller-protocol-v2/packages/contracts/contracts/TellerV2.sol#L916

https://github.com/sherlock-audit/2023-03-teller/blob/main/teller-protocol-v2/packages/contracts/contracts/TellerV2.sol#L965

https://github.com/sherlock-audit/2023-03-teller/blob/main/teller-protocol-v2/packages/contracts/contracts/TellerV2.sol#L1007

Tool used

Manual Review

Recommendation

Consider using alternative, more secure methods for setting loan due dates, such as relying on external, trusted timestamp providers (e.g., Chainlink) or implementing a mechanism that accounts for potential timestamp manipulation. This will help ensure the accuracy of loan terms and maintain the platform's integrity.
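
One way to implement the second option in the recommendation, a mechanism that accounts for potential timestamp manipulation, is shown below. This is an added example, not code from TellerV2.sol or from the finding's author; the contract, its function names and both constants (`TIMESTAMP_TOLERANCE`, `MIN_DURATION`) are hypothetical, and the tolerance value is an assumption to be set per deployment.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.4;

/// Illustration only: due dates derived from block.timestamp, with an
/// explicit allowance for block producers skewing the timestamp.
contract DueDateWithTolerance {
    // Assumed upper bound, in seconds, on timestamp skew (not from the finding).
    uint32 public constant TIMESTAMP_TOLERANCE = 15;
    // Assumed minimum term, so the tolerance stays a small fraction of any loan.
    uint32 public constant MIN_DURATION = 1 hours;

    struct Loan {
        address borrower;
        uint32 acceptedTimestamp;
        uint32 duration;
    }

    mapping(uint256 => Loan) private loans;
    uint256 public nextLoanId;

    error DurationTooShort(uint32 duration, uint32 minimum);
    error UnknownLoan(uint256 loanId);

    function openLoan(uint32 duration) external returns (uint256 loanId) {
        // Very short terms are where a few seconds of skew matter most.
        if (duration < MIN_DURATION) revert DurationTooShort(duration, MIN_DURATION);
        loanId = nextLoanId++;
        loans[loanId] = Loan(msg.sender, uint32(block.timestamp), duration);
    }

    function dueDate(uint256 loanId) public view returns (uint256) {
        Loan storage loan = loans[loanId];
        if (loan.borrower == address(0)) revert UnknownLoan(loanId);
        // Widen to uint256 before adding so the sum cannot overflow uint32.
        return uint256(loan.acceptedTimestamp) + loan.duration;
    }

    function isDefaulted(uint256 loanId) external view returns (bool) {
        // A loan is late only once the due date is exceeded by more than the
        // tolerance, so a skewed timestamp alone cannot flip the result.
        return block.timestamp > dueDate(loanId) + TIMESTAMP_TOLERANCE;
    }
}
```

The tolerance only ever works in the borrower's favour here; a protocol that also gates actions on a loan being not yet due would apply the same margin in the other direction.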