[Climber] Fix logic bug for the schedule delay not being considered #16
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
Hey, thanks for your suggestion. This may have been an unintended bug :) Perhaps it's solved in V3, perhaps it's not. We'll see! |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Hi tincho !
I'm currently delving into the smart contract security world and your work on the damn-vulnerable-defi challenges has been a immense source of knowledge for me to learn about those exploits so thanks a lot for that !
I recently completed the Climber challenge and I was wondering how the
ClimberTimelocklet me execute immediately after callingschedulesince there should be a 1 hour delay and I did not change it through theupdateDelayfunction.I figured there is a little logic bug in the
getOperationStatefunction : it should check if theblock.timestampis >= to theop.readyAtTimestamp, not the other way around.This effectively affects the resolution of this challenge :
Spoiler
I solved the challenge by granting my contract the "proposer" role to be able to schedule any transaction from the `ClimberTimelock` contract (full solution here). When first calling `execute` to set the role, there is now an additional step of calling `updateDelay` first to set the schedule delay to zero to be able to finish the `execute` transaction (or else it will simply revert).I didn't change the challenge setup but I could also include tests for ensuring the delay is being considered if needed.
Thanks for reviewing this !