Block Attributes Misuse
What it detects
This detector warns when contracts depend too heavily on block attributes for logic or access control. Miners can manipulate these values within small ranges, leading to subtle bugs or timing attacks.
Typical symptoms
- Critical calculations based on block.timestamp
- Access restricted by recent block number
Solidity snippet (v0.8.25)
pragma solidity ^0.8.25;

contract TimeLock {
    uint256 public end = block.timestamp + 1 days;

    function release() external {
        // Miners can nudge timestamp
        require(block.timestamp >= end, "too early");
    }
}
Why it matters on EVM
Manipulable block attributes can be used to cheat time-based logic or bypass restrictions set by the contract.
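The two symptoms listed above can be told apart with a line-based scan of the source. The following is an added example, not this detector's actual implementation: the function names and the "guard" / "calculation" labels are assumptions, and the sample is the TimeLock contract from this page with one constructed comment line added.

```python
import re

# Attributes named on this page: block.timestamp and the block number.
ATTR = re.compile(r"\bblock\.(timestamp|number)\b")
# A use after one of these on the same line is treated as gating logic (assumed heuristic).
GUARD = re.compile(r"\b(require|assert|if|while)\s*\(")
# Line and block comments; "//" inside a string literal is a known limitation of this sketch.
COMMENT = re.compile(r"//[^\n]*|/\*.*?\*/", re.S)


def strip_comments(source):
    """Blank out comments but keep newlines so reported line numbers stay correct."""
    return COMMENT.sub(lambda m: "\n" * m.group().count("\n"), source)


def find_block_attr_uses(source):
    """Return (line_no, attribute, kind) for every block attribute used in code."""
    findings = []
    for line_no, line in enumerate(strip_comments(source).splitlines(), 1):
        for match in ATTR.finditer(line):
            # "guard": the value decides whether execution continues (access or time gate).
            # "calculation": the value feeds an expression or a stored variable.
            in_guard = GUARD.search(line[:match.start()]) is not None
            kind = "guard" if in_guard else "calculation"
            findings.append((line_no, match.group(0), kind))
    return findings


# Constructed sample: the page's contract plus a comment that only mentions the attribute.
SAMPLE = """pragma solidity ^0.8.25;
contract TimeLock {
    uint256 public end = block.timestamp + 1 days;
    function release() external {
        // block.timestamp is only mentioned here, not used
        require(block.timestamp >= end, "too early");
    }
}
"""

if __name__ == "__main__":
    for line_no, attr, kind in find_block_attr_uses(SAMPLE):
        print(f"line {line_no}: {attr} used in {kind}")
```

A scan like this only locates candidate lines; whether a finding matters depends on how much a small shift in the attribute changes the contract's outcome.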