How to Avoid making time-based decisions in contract business logic?
I wrote a Money-saving smart contract where users deposit ETH and define the amount of time they want to keep that ETH in the contract, EX: USER X deposits 2ETH for one year, they can only withdraw their ETH after that period.
But solidity linter keeps telling me that I should not rely on block.timestamp to make decisions.
This is the Saving struct I'm using to map every address to a balance and endTime:
struct Saving {
uint256 balance;
uint256 endTime;
}
Here is my function modifier where I require the withdrawal time to be greater than the endTime I stored at the deposit moment:
modifier onlyValidTimeWithdraw() {
require(
block.timestamp > balances[msg.sender].endTime,
"You cannot withdraw yet"
);
_;
}
This is the message I get through the linter.
After doing some research I found that I should not have time-dependent conditions in my contract since miners can manipulate timestamps, but I did not find any alternative to this.
Miners can manipulate block timestamp to an extent of approx. few seconds, which is enough to affect business logic depending on a second-level precision.
function betLottery() external {
// the block.timestamp can be affected by a miner
// and they can submit their own winning transaction
if (block.timestamp % 2 == 0) {
win();
}
}
But since your logic depends on much longer period, I'd simply ignore or suppress the warning.
Or if it fits your usecase, you can validate against the block number, which most linters allow.
struct Saving {
uint256 balance;
uint256 endBlock;
}
require(
block.number > balances[msg.sender].endBlock,
"You cannot withdraw yet"
);
- How to get all tokens by wallet address
- Calling ownerOf() on an ERC-721 contract via my contract throws "Error: Transaction reverted: function returned an unexpected amount of data"
- Nft Minter Dapp - Unable to mint the nft
- Create random Wallet with connection to a specific provider via ethers.js
- Where does this smart contract send the money?
- Is it possible to get the ABI of a contract without the source code?
- Is it possible to store images on the Ethereum blockchain?
- How to find erc20 tokens balance
- Verifying Ethereum (Web3) signed message in PHP
- How can I re create raw transaction from the transaction receipt to verify v,r,s signature?
- Error: cannot estimate gas; transaction may fail or may require manual gas limit (Sepolia test Network)
- "Migrations" hit an invalid opcode while deploying
- Extracting emitted events (logs) from geth transaction trace (debug_traceCall)
- Merkle tree with level DB log merge tree
- How to Upgrade from ERC-721 to ERC721A in a Web3 Project Using JSON ABI?
- Does the "holy trinity" (Ethereum, Swarm and Whisper) support multimedia streaming?
- Representing NFT wallet addresses in Django model fields
- How can I get the same return value as solidity `abi.encodePacked` in Golang
- How to get ETH or BSC unverified contract ABI
- Get/guess unverified contract's external methods
- Calculate ERC20 token buy/sell tax
- How to store ETH in the Smart Contract?
- Generate Mnemonic Phrase from window.crpyto.subtle.generateKey
- Calling a smart contract without the ABI in Web3.py
- Importing ethers via Hardhat fails despite official testing documentation
- How to calculate sqrtPricex96 for uniswap pool creation?
- Availability of Ethereum Snapshots for Fast Node Sync
- How to Deploy Smart Contract on QBFT Besu network from Metamask?
- Truffle migrate Server Error (on truffle init demo)
- I am not able to use ipfs