# block timestamp manipulation within protocol bounds enables exploitation of time-dependent contract logic Block timestamps are set by block producers and are only required to be greater than the parent block's timestamp (with approximately 15-second tolerance in practice). Contract logic that depends on exact timing — auction deadlines, vesting schedules, cooldown periods — can be manipulated by validators within this window. Post-merge, mainnet timestamps are deterministic (12-second slots), but L2s and sidechains may have different constraints. Since [[on-chain randomness from block attributes is deterministic and manipulable by validators|block attributes are generally manipulable]], time-dependent logic should use wide margins and avoid decisions that depend on seconds-level precision. Since [[EVM opcode incompatibility across chains causes failures when contracts assume uniform opcode support]], timestamp semantics may differ across L2s and sidechains — contracts deployed on multiple chains must account for chain-specific block timing. --- Relevant Notes: - [[on-chain randomness from block attributes is deterministic and manipulable by validators]] — the broader block attribute manipulation problem - [[EVM opcode incompatibility across chains causes failures when contracts assume uniform opcode support]] — timestamp semantics vary across chains Topics: - [[vulnerability-patterns]]