A Time-Dependence Attack (also known as timestamp manipulation attack) occurs when a smart contract relies on block.timestamp (the current block’s timestamp) to make critical decisions — and an attacker (or miner) exploits the fact that this timestamp can be slightly manipulated.
Even though block.timestamp seems like a neutral, objective value (like a clock), it is not fully trustless because miners have partial control over it.
block.timestampblock.timestamp is a global variable in Ethereum (and similar blockchains) that returns the Unix timestamp (in seconds) of when a block was mined.1712345678 represents April 5, 2024, 10:34:38 UTC.Miners can slightly manipulate block.timestamp.
They cannot set it to any arbitrary time (e.g., year 3000), but they can adjust it within a small window — typically ±15 seconds or so — to influence outcomes.
Why? Because the blockchain protocol only requires that:
So miners can choose a valid timestamp within this range — and use that power to their advantage.
Let’s look at the example from the transcript:
contract TimeDependence {
function checkWinner(uint256 value) public view returns (bool) {
if (block.timestamp % 10 == value) {
return true; // You win!
}
return false;
}
}