How to use timestamp for comparisons safely

go-ethereumsolidity

I'm running a tool to audit my smart contract and I got as report the following:

uses timestamp for comparisons / Dangerous comparisons :

require(block.timestamp > nextPayment, "Payement not due yet");

I've done more research and I found that block.timestamp can be manipulated by miners which is why is better to use other methods for comparison than block.timestamp

Do you have any method safer than this one ?

Nb: block.timestamp defines the Now in solidity

Best Answer

The 15-second Rule states that if your contract's code does not rely on a time interval of less then 15 seconds, than it is probably safe to use block.timestamp .

If the scale of your time-dependent event can vary by 15 seconds and maintain integrity, it is safe to use a block.timestamp.

I understand that your smart contract is about recurring payments, so unless these payments' time interval is less than 15 seconds, your code is safe.

You can read more about Timestamp Dependence here.

All the best!

Related Solutions

[Ethereum] how can we get all transaction according date(timestamp) filter

You can check all blocks downwards from the current while checking block timestamp. Here is a simple node.js script:

const Web3 = require('web3');
const web3 = new Web3();
web3.setProvider(new web3.providers.HttpProvider('http://localhost:8545'));


const date = new Date();
const minTimestamp = date.setHours(date.getHours() - 1) / 1000;
console.log('Retreiving all transactions from', date);


const {currentBlock, highestBlock} = web3.eth.syncing;
if(currentBlock < highestBlock) {
  console.log('Warning! Node is not synced:\n', web3.eth.syncing);
}

let blockNum = web3.eth.blockNumber;
const transactions = [];

while(true) {
  const block = web3.eth.getBlock(blockNum);
  if(block.timestamp < minTimestamp) break;
  transactions.push.apply(transactions, block.transactions);
  --blockNum;
}

console.log('Retreived', transactions.length, 'transactions');


const total = transactions.reduce(
  (sum, tx) => web3.eth.getTransaction(tx).value.plus(sum),
  new web3.BigNumber(0)
);

console.log('Total value is', web3.fromWei(total, 'ether').toNumber(), 'Ether');

[Ethereum] Solidity: Timestamp dependency, is it possible to do safely

Just to elaborate on Dennis' answer and explain why this hindrance exists.

Deep down, the decentralized nature of the consensus means that no one's clock is any better than anyone else'. Blocks disambiguate transaction order which is critical for reaching consensus about world state. They do this without reference to a reliable time source. Since no one can check the timeStamp without reference to a non-deterministic time source, the accuracy of the time stamp is dubious.

There's an interesting discussion on the accuracy of the timeStamp, the latitude the miners have and incentives to keep the timeStamp within reason, here: How do Ethereum mining nodes maintain a time consistent with the network?

This is quite a departure from networks synced with atomic clocks as we've come to take for granted, I think. A good understanding can keep us away from hidden assumptions and problems.

We can say ...

"The event will unfold at block _____" which is probably going to occur at approximately date/time given a predictable average block time.

"The event will unfold when a block is mined with a timeStamp >= deadline" which should be roughly at said deadline but isn't guaranteed to be precise.

"The event will unfold when the Oracle injects a transaction to declare that the event has occured without regard to either the block number or the block time stamp" in which case a trusted time source will decide.

Above are some examples of plain english we might use to describe the way a future time is codified in a Smart Contract so things unfold "as advertised."

Hope it helps.

Best Answer

Related Solutions

[Ethereum] how can we get all transaction according date(timestamp) filter

[Ethereum] Solidity: Timestamp dependency, is it possible to do safely

Related Topic