#59852 [SC-Low] Incorrect period calculation inside periodAtTimestamp resulting in returning period now instead of period at given timestamp

Submitted on Nov 16th 2025 at 12:34:49 UTC by @hcrlen for Audit Comp | Firelight

  • Report ID: #59852

  • Report Type: Smart Contract

  • Report severity: Low

  • Target: https://github.com/firelight-protocol/firelight-core/blob/main/contracts/FirelightVault.sol

  • Impacts:

    • Contract fails to deliver promised returns, but doesn't lose value

Description

Brief/Intro

The periodAtTimestamp(uint48 timestamp) function is documented to return the period number for a given timestamp, but because it relies on _sinceEpoch(), it incorrectly returns the current period regardless of the input timestamp. This breaks historical period queries and any off-chain systems relying on this function, but does not affect core vault operations or cause loss of funds.

Vulnerability Details

The periodAtTimestamp() function accepts a timestamp parameter and promises to return the period number corresponding to that timestamp:

    /**
     * @notice Returns the period number for the timestamp given.
     * @dev Return value may be unreliable if period number given is far away in the future
     * @dev given that new period configurations can be added after nextPeriodEnd().
     * @return The period number corresponding to the given timestamp.
     */
    function periodAtTimestamp(uint48 timestamp) public view returns (uint256) {
        PeriodConfiguration memory periodConfiguration = periodConfigurationAtTimestamp(timestamp);
        // solhint-disable-next-line max-line-length
        return
            periodConfiguration.startingPeriod +
@>          _sinceEpoch(periodConfiguration.epoch) / periodConfiguration.duration;
    }

Inside, the _sinceEpoch() function uses Time.timestamp().

The issue is in the _sinceEpoch() function, which always uses Time.timestamp() (current block time) instead of the provided timestamp parameter.
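The following Foundry test is an added illustration of the pattern described above; it is not the report's PoC and not Firelight's code. `PeriodModel`, `periodReported`, `periodFixed`, the `_sinceEpoch` body and all sample values are constructed assumptions, and the model holds a single period configuration so the configuration lookup is omitted.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {Test} from "forge-std/Test.sol";

// Constructed model, not FirelightVault: a single period configuration with
// the three fields the quoted snippet reads.
contract PeriodModel {
    uint48 public immutable epoch;
    uint48 public immutable duration;
    uint256 public immutable startingPeriod;

    constructor(uint48 epoch_, uint48 duration_, uint256 startingPeriod_) {
        epoch = epoch_;
        duration = duration_;
        startingPeriod = startingPeriod_;
    }

    // Assumed body: elapsed time measured from the current block time.
    function _sinceEpoch(uint48 epoch_) internal view returns (uint48) {
        return uint48(block.timestamp) - epoch_;
    }

    // Reported pattern: `timestamp` never enters the arithmetic.
    function periodReported(uint48 timestamp) external view returns (uint256) {
        timestamp; // unused on purpose
        return startingPeriod + _sinceEpoch(epoch) / duration;
    }

    // One possible correction (assumption): measure from the argument.
    function periodFixed(uint48 timestamp) external view returns (uint256) {
        return startingPeriod + (timestamp - epoch) / duration;
    }
}

contract PeriodModelTest is Test {
    function test_sameInputDifferentOutput() public {
        PeriodModel m = new PeriodModel(1_000, 100, 0);

        vm.warp(1_550); // block time falls in period 5
        assertEq(m.periodReported(1_050), 5); // 1_050 lies in period 0
        assertEq(m.periodFixed(1_050), 0);

        vm.warp(1_950); // same query, later block
        assertEq(m.periodReported(1_050), 9);
        assertEq(m.periodFixed(1_050), 0);
    }
}
```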

Impact Details

The function calculates the period based on the current time, not the requested historical timestamp. This means:

The same input (timestamp) returns different outputs depending on when the function is called

  1. Unreliable Public Interface

  • The function signature promises one behavior but delivers another

  • Any integration depending on accurate historical period data will malfunction

  2. Historical period queries are broken

  • Any attempt to query historical period numbers returns incorrect results

  • Off-chain systems cannot reliably verify past period data

  • Analytics dashboards will show incorrect historical period information

  3. The function violates its specification and natspec documentation

References

FirelightVault.sol - periodAtTimestamp() - Line 246-250

FirelightVault.sol - _sinceEpoch() - Line 795-297

Proof of Concept


This PoC uses the implementation contract directly without a proxy, as the bug exists in the core logic and is not related to proxy mechanics. The bug is reproducible regardless of deployment method.

Using Foundry, place the test file in the test folder and run: forge test --match-test test_periodAtTimestampReturnsIncorrectly -vv

This should be the test result:
