Contents of the blog:
- How I found the 🐛
- Short explanation of Unix timestamps
- What's the issue?
- The potential 🌐 impacts it has
- How to prepare yourself for the upcoming event (How to fix it 😅)
If you are reading this article, you have most probably come across code that reads or writes Unix timestamps. I've used them extensively in my software engineering experience, but didn't go into details about their origin and what they actually represent.
All I knew was that it represents some time that I needed to parse by using some library 🤷‍♂️, like:

```python
import datetime

unix_timestamp = 1632031200

# Convert the Unix timestamp to a timezone-aware UTC datetime object
# (utcfromtimestamp() is deprecated since Python 3.12)
datetime_obj = datetime.datetime.fromtimestamp(unix_timestamp, tz=datetime.timezone.utc)

# Format the datetime object as a string
formatted_time = datetime_obj.strftime('%Y-%m-%d %H:%M:%S')
print(formatted_time)
```

.. and to be honest, that was and is enough for most devs to know!
🔎 How I found the BUG
Note: By found I mean, found that the BUG existed! 😅 ✌️
I recently started learning some Solidity, as the language really interests me and I want to expand my knowledge in Web3. In it, there is this global variable called block.timestamp, which represents the current timestamp (in seconds since the Unix epoch) of the block being mined.
Since this is a pretty important variable in this language, I decided to dig a little deeper into Unix time and what it actually is! 🤔
📝 Short explanation of Unix timestamps
In essence, a UNIX timestamp is a way to express a specific date and time as a single integer value.
More specifically it is a numeric representation of time, counting the number of seconds that have passed since January 1, 1970 (the Unix epoch).
More technically, it is stored as a 32-bit signed integer in many systems, which means it can represent time up to 2,147,483,647 seconds (or 68 years) from the Unix epoch.
🚨 What's the issue?
Keep the 'more technical' note above in mind: a lot of engineers measure time in Unix time, which is the number of seconds elapsed since the Unix epoch (again, that's January 1st 1970 00:00:00 UTC).
At the time of me writing this post, the Unix timestamp is:
1695139729 = ~ September 19th 2023 7:08:50 UTC
Here comes the problem..
If you, as an engineer, decided to store the Unix timestamp as a 32-bit signed integer, which goes up to the number 2147483647, you will face the 2038 problem, because on January 19th 2038 at 03:14:08 UTC, you will hit that last number of the integer! 🤯
Going back to the CS classes at uni or to the Udemy course you took 🤓, this means that your 32-bit signed integer will overflow, or go beyond its maximum value.
When it does this, it flips the sign bit, or it will be equal to −2147483647. This means that Unix timestamps stored in 32-bit integers will read 2147483647 seconds before epoch, a.k.a. we will be time-travelling 🔙 to December 13th 1901! 😅
The potential 🌐 impacts of the issue
- Incorrect Time Representations — I guess it's pretty self-explanatory 🤷‍♂️
- Software Malfunctions — Many software applications and systems rely on accurate time calculations for various functions, such as scheduling tasks, logging events, and managing data.
- Security Risks — certificate validity periods and authentication tokens with expiration times may be affected.
- Financial and Economic Impact — these industries rely heavily on accurate timekeeping, so not preventing this issue could cause massive disruptions. Similar to what had already happened with the Y2K bug 👇
https://education.nationalgeographic.org/resource/Y2K-bug/
- Embedded Systems — many of which use 32-bit processors, which makes them vulnerable, with serious safety implications!
- Data Integrity — issues with data integrity and retrieval when timestamps become negative
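The rollover described above and its effect on the token-expiry checks from the Security Risks item, as an added example that is not part of the original post. The helper names (`store_int32`, `store_int64`, `token_is_valid`, `fits_int32`) and the sample times are constructed for illustration; a 64-bit field is included for comparison.

```python
import struct
from datetime import datetime, timedelta, timezone

EPOCH = datetime(1970, 1, 1, tzinfo=timezone.utc)
INT32_MAX = 2**31 - 1  # 2147483647 -> 2038-01-19 03:14:07 UTC

def store_int32(ts: int) -> int:
    """Keep the low 32 bits and read them back as signed, like a C int32_t field."""
    return struct.unpack("<i", struct.pack("<I", ts & 0xFFFFFFFF))[0]

def store_int64(ts: int) -> int:
    """Round-trip through a signed 64-bit field."""
    return struct.unpack("<q", struct.pack("<q", ts))[0]

def to_utc(ts: int) -> datetime:
    # timedelta arithmetic also works for negative (pre-1970) timestamps
    return EPOCH + timedelta(seconds=ts)

def token_is_valid(now: int, issued_at: int, ttl: int, store) -> bool:
    """Expiry check where expires_at passes through a fixed-width field."""
    expires_at = store(issued_at + ttl)
    return now < expires_at

def fits_int32(ts: int) -> bool:
    """Guard to run before writing a timestamp into a 32-bit column or field."""
    return -2**31 <= ts <= INT32_MAX

if __name__ == "__main__":
    # One second past the maximum wraps to the most negative 32-bit value
    for ts in (INT32_MAX, INT32_MAX + 1):
        stored = store_int32(ts)
        print(f"{ts} -> stored {stored} -> {to_utc(stored).isoformat()}")

    # Constructed case 1: token issued 10 minutes before rollover, 1 hour TTL.
    # The 32-bit expiry wraps negative, so a fresh token is rejected.
    issued = INT32_MAX - 600
    print("32-bit expiry field:", token_is_valid(issued + 60, issued, 3600, store_int32))
    print("64-bit expiry field:", token_is_valid(issued + 60, issued, 3600, store_int64))

    # Constructed case 2: expiry is stored correctly, but the verifier's clock
    # is a 32-bit counter that has wrapped. An expired token passes the check.
    issued = INT32_MAX - 7200
    wrapped_now = store_int32(INT32_MAX + 100)  # real time: 3700 s after expiry
    print("wrapped clock accepts expired token:",
          token_is_valid(wrapped_now, issued, 3600, store_int64))
    print("expiry fits in 32 bits:", fits_int32(INT32_MAX - 600 + 3600))
```

Both failure directions matter for a review: a wrapped expiry field locks valid sessions out, while a wrapped clock on the verifying side lets expired credentials through.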
🤔 How to prevent this problem?
By storing the Unix timestamp in a 64-bit signed integer! I guess that would solve the issue, except that it's more costly aaaand you will face the same issue again in approximately 292 billion years! 😜
Of course that's not the only way to solve the issue, but it for sure is the easiest way in my opinion. I won't provide you with all the solutions for this problem, because I want you to do a little RnD on your own and comment 💭 below with some other ideas that you've found that can fix the issue! 👇
I hope this post brought you some insights about the problem we have at hand! Drop a clap 👏 if you find this content insightful and you want more!