SWC-registry icon indicating copy to clipboard operation
SWC-registry copied to clipboard

Published 20 hours ago verified publisher icon SmartContractSecurity

New SWC: Avoid Block Number as a proxy for time

Open maurelian opened this issue 5 years ago • 2 comments

SWC-116: timestamp dependence says:

Remediation Developers should write smart contracts with the notion that block timestamp and real timestamp may vary up to half a minute. Alternatively, they can use block number or external source of timestamp via oracles.

Depending on the block number to accurately predict time is also dangerous:

https://medium.com/spankchain/spankchain-purchase-phase-to-end-prematurely-11-13-at-10am-pst-49c58133715a

maurelian avatar Dec 05 '19 20:12 maurelian

The best practices address this situation as well: https://consensys.github.io/smart-contract-best-practices/recommendations/#avoid-using-blocknumber-as-a-timestamp

maurelian avatar Dec 05 '19 20:12 maurelian

https://github.com/SmartContractSecurity/SWC-registry/pull/232

kadenzipfel avatar Dec 30 '19 22:12 kadenzipfel

This has been fixed, and could be closed

chaals avatar Apr 12 '23 22:04 chaals