Timestamp Dependency in Smart Contracts
During the development of the smart contract, the programmers need to know the exact time to be able to execute some actions in the smart contract. Therefore., they use a timestamp generated by the node executing the smart contract. This article focuses on discussing the timestamp dependence vulnerability.
The following topics of timestamp dependency in the smart contract will be discussed here:
- What is Timestamp Dependency Vulnerability?
- How does Timestamp Dependence Work?
- What is the 15-second Rule?
- Does using a Timestamp Value always Cause Vulnerability?
- Impact of Timestamp Dependence Vulnerability.
- What is Block Number Dependency?
- How to prevent Timestamp Dependence Vulnerability?
Let’s start discussing each of these topics in detail.
What is Timestamp Dependency Vulnerability?
The timestamp dependency vulnerability happens when the smart contract relies on the block timestamp value that is generated by the node executing the smart contract to execute an operation. This makes it vulnerable to attacks and prone to manipulation. Due to distributed nature of the blockchain network, setting the exact time between the nodes, synchronizing it, and retrieving the exact time of the network is inevitable as most of the smart contract development languages are Turing complete. To solve this issue, most blockchain technologies offer the timestamp of the system to retrieve the actual time of the network.
- The timestamp of the block may be changed by the miner to exploit the weakness in a distributed system like the blockchain itself. The miner may entirely modify the output of the contract by changing the timestamp by a few seconds which would maximize his profit.
- When a smart contract employs the block timestamp as one of the requirements to carry out a crucial activity (such as transmitting ether) or as a source of entropy to produce random numbers, it is vulnerable.
- Timestamp dependency vulnerability happens when the smart contract uses the timestamp value generated by the node to compare it to a time value that will happen in less than 900 seconds.
How does Timestamp Dependence Work?
Below are 2 examples to show how the timestamp dependence vulnerability works:
Example 1: Below is the solidity program to show the timestamp dependence vulnerability.
Explanation: In the above code, the timestamp value retrieved from the now instruction when the transaction is sent should not be divisible by 2 only then it will satisfy the condition of >0. Therefore, the node can exploit this vulnerability to take all the money from the contract.
Example 2: Below is a solidity program to implement timestamp dependency vulnerability.
This function is readily modified since the node that produces a block containing a transaction that runs the smart contract code generates the value of the real timestamp.
- To get the actual time the smart contract uses the block.timestamp variable.
- The value of this variable is given by the node, thus the node could easily manipulate the value by increasing it till the condition in the code is satisfied.
- Nodes accept any block timestamp that falls within a certain timeframe since they are flexible. By changing the block timestamps directly, malicious actors (miners) may take advantage of the vulnerability when a smart contract transfers ETH using block.timestamp, creating the ideal environment for their own success.
- The miner may precompute a more advantageous number for the lottery by utilizing the block.timestamp method to seed this smart contract, which allows publishing an alternative timestamp inside the block validation time limit.
What is 15-second Rule?
Ethereum originally limited timestamps to 15 minutes, however, the more current Ethereum “Yellow Paper” has removed this restriction and just requires that a block’s timestamp be higher than the timestamp of the previously referenced block.
- However, the widely used Ethereum protocol implementations Geth and Parity will both reject blocks in the future with timestamps longer than 15 seconds (with average block times landing between 12-14 seconds).
- This indicates that it could be okay to utilize a block.timestamp for that function if the size of the time-dependent event can change by 15 seconds while maintaining integrity.
Does using a Timestamp Value always Cause Vulnerability?
Block.timestamp value is also checked to validate the block to be added to the blockchain network. This value should be equal to or less than the actual value plus 900 seconds.
- The timestamp value should be higher or equal to the parent.timestamp value, otherwise the next block will be automatically rejected.
- Here, the nodes have the opportunity to change the timestamp in such a way that is no lower than the parent.timestamp and not higher than the actual time plus 900.
Impact of Timestamp Dependence Vulnerability
The impact of timestamp dependence vulnerability depends upon the content and the reason for which the value is used in the smart contract. If there are financial decisions that rely on the value of timestamp then any alteration or manipulation implies financial losses.
The more there is the use of timestamp value for access control to execute a certain task in the smart contract the more it is vulnerable to attacks.
What is Block Number Dependency?
Block number dependency vulnerability is comparable to timestamp dependence vulnerability.
- This occurs when programmers estimate a time delta using block.number and average block time rather than block.time.
- Since blocks move one at a time, it would seem more secure than block.timestamp, but sadly, it too has flaws.
- Block timings may alter as a result of fork reorganizations and other circumstances.
How to prevent Timestamp Dependence Vulnerability?
There are 2 ways to prevent timestamp dependence vulnerability:
- Not using timestamp value as an access control check: This situation is evident from the above example, where it is discussed that using timestamp value as access control in the smart contract can also incur a financial loss. Thus, it is advisable to use it less as access control.
- Allowing a range of +900 seconds of error: This means that if the timestamp value returned by the node is incremented by a value between 1 to 900 seconds then this will not have a huge impact on the smart contract.
Please Login to comment...