Block Timestamp Manipulation | Hack Solidity #12

Zuhaib Mohammed
Jan 16, 2022

This article is gonna be a short one.

block.timestamp can be manipulated by miners, with the following constraints:

  • It cannot be stamped with an earlier time than its parent
  • It cannot be too far in the future

Imagine a user, Eve, who has access to large computation power. She can manipulate block.timestamp by setting it in the future so that it is divisible by 15 and, as a result, transfer all the ether to her account.

Roulette Attack

The Solution

Please do not use block.timestamp as a source of entropy and randomness. Check out Chainlink VRF for how to introduce randomness into a smart contract.
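The timestamp-based pattern described above next to an oracle-based alternative, as an added example that is not this article's own code. `IRandomnessOracle`, the contract names, the 1 ether stake and the 15 ether prize are assumptions made for illustration; a real Chainlink VRF integration uses that project's own consumer interface.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Hypothetical oracle interface (an assumption of this example), standing in
// for a verifiable randomness service such as Chainlink VRF.
interface IRandomnessOracle {
    function requestRandomness() external returns (uint256 requestId);
}

// Vulnerable: the block producer picks block.timestamp, and with it the outcome.
contract TimestampRoulette {
    constructor() payable {}
    function spin() external payable {
        require(msg.value == 1 ether, "stake is 1 ether"); // assumed stake
        if (block.timestamp % 15 == 0) {
            (bool ok, ) = msg.sender.call{value: address(this).balance}("");
            require(ok, "transfer failed");
        }
    }
}

// Hardened: the outcome depends on a value the oracle delivers in a later
// transaction, which neither the player nor the block producer sets.
contract OracleRoulette {
    IRandomnessOracle public immutable oracle;
    mapping(uint256 => address) public playerOf; // pending request -> player
    mapping(address => uint256) public owed;     // winnings awaiting withdrawal

    constructor(IRandomnessOracle oracle_) payable { oracle = oracle_; }

    function spin() external payable returns (uint256 requestId) {
        require(msg.value == 1 ether, "stake is 1 ether"); // assumed stake
        requestId = oracle.requestRandomness();
        playerOf[requestId] = msg.sender;
    }
    // Oracle callback: settles one earlier request, exactly once.
    function fulfill(uint256 requestId, uint256 randomWord) external {
        require(msg.sender == address(oracle), "only oracle");
        address player = playerOf[requestId];
        require(player != address(0), "unknown or settled request");
        delete playerOf[requestId];
        if (randomWord % 15 == 0) owed[player] += 15 ether; // assumed prize
    }
    function withdraw() external {
        uint256 amount = owed[msg.sender];
        owed[msg.sender] = 0; // clear before sending to block re-entrancy
        (bool ok, ) = msg.sender.call{value: amount}("");
        require(ok, "transfer failed");
    }
}
```

The hardened contract never reads block.timestamp, and winnings are credited in the callback and pulled by the player, so a failing recipient cannot make the oracle's callback revert.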

Do check out my other post on Randomness in smart contracts.

Hope you enjoyed reading it.

Ciao!!!