Petite Fleece Cheetah
High
Cobra commands initialize the genesis time with time.Now().
The reason why time.Now() is considered problematic for genesis time is, firstly, non-determinism, the value returns the current system time that varies across the nodes. This creates inconsistencies when initializing a blockchain. Since it's a genesis time, its initialization is critical to the whole blockchain. If it's not the same across the nodes, it can fail to start or produce inconstent states:
https://github.com/sherlock-audit/2024-12-babylon/blob/main/babylon/cmd/babylond/cmd/flags.go#L132
// genesis args
cmd.Flags().Int64(flagGenesisTime, time.Now().Unix(), "Genesis time")
// blocks argsNo response
No response
No response
Chain start failure in the beginning or it'll start to produce inconsistent states.
According to the CosmosSDK documentation:
https://docs.cosmos.network/main/build/building-apps/security-part-1#invalid-time-handling
Avoid using time.Now() since nodes are unlikely to process messages at the same point in time even if they are in the same timezone. Instead, always rely on ctx.BlockTime() which should be the canonical definition of what "now" is.Rely on ctx.BlockTime() which should be the canonical definition of what "now" is (Cosmos docs recommended mitigation) or choose a deterministic default value like this:
cmd.Flags().Int64(flagGenesisTime, time.Date(2023, 10, 1, 0, 0, 0, 0, time.UTC).Unix(), "Genesis time (Unix timestamp). Default: October 1, 2023, 00:00:00 UTC.")