Timestamp Dependence

What it detects

The detector searches for conditions or calculations that depend directly on block.timestamp. Because miners control this value within a small window, any randomness or scheduling tied to it can be exploited.

Typical symptoms

Release or lock periods based purely on timestamp
Random values derived from block.timestamp

Solidity snippet (v0.8.25)

pragma solidity ^0.8.25;

contract Timed {
    uint256 public end = block.timestamp + 1 hours;

    function finish() external {
        // Miner can tweak timestamp to trigger early or late
        require(block.timestamp >= end, "not yet");
    }
}

Why it matters on EVM

Depending on timestamps allows miners to slightly shift time, potentially unlocking funds prematurely or delaying actions for profit.

What it detects​

Typical symptoms​

Solidity snippet (v0.8.25)​

Why it matters on EVM​

What it detects

Typical symptoms

Solidity snippet (v0.8.25)

Why it matters on EVM