Nimiq Blockchain Timestamp Validation Vulnerability Allows Future Timestamp Manipulation

Vulnerability

A vulnerability exists in the Nimiq blockchain library for Rust, specifically in versions through 1.3.0. The issue arises from the block timestamp validation, which lacks an upper bound check against the wall clock. While the validation ensures that non-skip blocks have timestamps greater than or equal to the parent's timestamp, and that skip blocks' timestamps equal the parent's timestamp plus a specified timeout, it fails to restrict timestamps from being set arbitrarily far into the future. This flaw can be exploited by a malicious block-producing validator, leading to inflated reward calculations that disrupt the intended monetary supply schedule.
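
The missing check, sketched as an added Rust example (not Nimiq's code and not taken from the advisory): the first function applies only the two relative checks described above, and the second adds an upper bound against the verifier's clock. The Header type, the function names and the SKIP_TIMEOUT_MS and MAX_FUTURE_DRIFT_MS values are assumptions made for illustration.

```rust
// Added illustration: types, names and constants are assumptions, not Nimiq's code.
use std::time::{SystemTime, UNIX_EPOCH};

const SKIP_TIMEOUT_MS: u64 = 4_000; // assumed skip-block timeout
const MAX_FUTURE_DRIFT_MS: u64 = 5_000; // assumed clock-skew tolerance

#[derive(Debug, PartialEq)]
pub enum TimestampError { BeforeParent, SkipMismatch, TooFarInFuture }

pub struct Header { pub timestamp_ms: u64, pub is_skip: bool }

/// The two relative checks the advisory describes; neither looks at the wall clock.
pub fn check_relative(parent: &Header, block: &Header) -> Result<(), TimestampError> {
    if block.is_skip {
        // Skip block: timestamp must equal parent + timeout exactly.
        if parent.timestamp_ms.checked_add(SKIP_TIMEOUT_MS) != Some(block.timestamp_ms) {
            return Err(TimestampError::SkipMismatch);
        }
    } else if block.timestamp_ms < parent.timestamp_ms {
        // Non-skip block: only a lower bound, so any future value passes.
        return Err(TimestampError::BeforeParent);
    }
    Ok(())
}

/// Same checks plus an upper bound against the verifier's clock (`now_ms`).
pub fn check_bounded(parent: &Header, block: &Header, now_ms: u64) -> Result<(), TimestampError> {
    check_relative(parent, block)?;
    if block.timestamp_ms > now_ms.saturating_add(MAX_FUTURE_DRIFT_MS) {
        return Err(TimestampError::TooFarInFuture);
    }
    Ok(())
}

pub fn wall_clock_ms() -> u64 {
    SystemTime::now().duration_since(UNIX_EPOCH).map(|d| d.as_millis() as u64).unwrap_or(0)
}

fn main() {
    let now = wall_clock_ms();
    let parent = Header { timestamp_ms: now.saturating_sub(1_000), is_skip: false };
    // Constructed sample: a block stamped one year ahead of the local clock.
    let future = Header { timestamp_ms: now + 31_536_000_000, is_skip: false };
    println!("relative checks only: {:?}", check_relative(&parent, &future));
    println!("with upper bound:     {:?}", check_bounded(&parent, &future, now));
}
```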

Impact

Exploitation of this vulnerability allows for manipulation of block timestamps, which in turn skews reward calculations and inflates the monetary supply beyond the intended emission schedule.

Added: Apr 10, 2026, 1:27 AM
Updated: Apr 10, 2026, 1:27 AM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 2.5
exploitability: 4.8
remediation: 0.0
relevance: 5.5
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.