search
Active Boosts

59533 sc low firelightvault sol periodattimestamp will return an incorrect period number due to flawed logic

Submitted on Nov 13th 2025 at 07:33:03 UTC by @maggie for Audit Comp | Firelightarrow-up-right

  • Report ID: #59533

  • Report Type: Smart Contract

  • Report severity: Low

  • Target: https://github.com/firelight-protocol/firelight-core/blob/main/contracts/FirelightVault.sol

  • Impacts:

    • Contract fails to deliver promised returns, but doesn't lose value

hashtag
Description

hashtag
Brief/Intro

FirelightVault.sol#periodAtTimestamp() is used to get the period number for the given timestamp. In order to get the period number, we should get the period configuration for the give timestamp first, then add passed period number to startingPeriod of period configuration. However, the passed period number is calculated with current timestamp instead of the give timestamp, which will cause incorrect period number.

hashtag
Vulnerability Details

function periodAtTimestamp(uint48 timestamp) public view returns (uint256) {
    PeriodConfiguration memory periodConfiguration = periodConfigurationAtTimestamp(timestamp);
    // solhint-disable-next-line max-line-length
    return periodConfiguration.startingPeriod + _sinceEpoch(periodConfiguration.epoch) / periodConfiguration.duration;
}

function _sinceEpoch(uint48 epoch) private view returns (uint48) {
    return Time.timestamp() - epoch;
}

periodConfiguration for the give timestamp is fetched, then add periodConfiguration.startingPeriod with passed period number. Passed period number = (time since epoch) /periodConfiguration.duration :

In function periodAtTimestamp(uint48 timestamp), passed period number is calculated as following:

which is :

If the give timestamp is not the current time, this function could return an incorrect period number.

We assume the following period configuration for the give time, 2025-11-03 10:00:00.

1, epoch: 2025-11-01 08:00,

2, duration: 1 days,

3, startingPeriod: 10

Now, user want to get period number for 2025-11-03 10:00:00, the expected period number should be:

startingPeriod + passed period number =

10 + (2025-11-03 10:00:00 - 2025-11-01 08:00) / 1days =

10 + 2 = 12

In fact, if users query the timestamp(2025-11-03 10:00:00) at 2025-11-06 10:00:00, user will get 10 + (2025-11-06 10:00:00 - 2025-11-01 08:00) / 1days = 10 + 5 = 15.

If users query the timestamp(2025-11-03 10:00:00) at 2025-11-07 10:00:00, user will get 10 + (2025-11-07 10:00:00 - 2025-11-01 08:00) / 1days = 10 + 6 = 16.

hashtag
Impact Details

FirelightVault.sol#periodAtTimestamp() is a public function opened to all users, if the given timestamp is not the current timestamp, users could get an incorrect period number, which will affect following operations.

hashtag
References

https://github.com/firelight-protocol/firelight-core/blob/main/contracts/FirelightVault.sol#L249

hashtag
Proof of Concept

hashtag
Proof of Concept

PoC steps:

1, add new period configurations.

2, set current time to new_epoch+7days, and query period number for (new_epoch + 2days)

3, set current time to new_epoch + 14days, and query period number for (new_epoch + 2days)

4, period number in step 2 and step 3 should be the same.

Please add the following code to period_update.js and run the test:

Previous#59559 [SC-Low] period calculation does not use provided timestamp in periodattimestampNext#59467 [SC-Low] periodattimestamp ignores input parameter

Was this helpful?