Decentralized clock - ChronoDAO
Remember FOMO3D blockheight hack

Motivation
In blockchain domain, time is alternated by blockheight. But for some blockchain, blockheight is not steady counted. Especially (computation-able) Plasma, always there’s risk of withholding or exit game. For better intuitive contract design, unmanipulatable real world time is needed.
Summary
- ChronoDAO users are to be calling the ChronoDAO contract from his contract at N-th blockheight. This call needs fee like RANDAO
- At N-1 block, ChronoDAO gathers the “hashed median time” beforehand
- The next block, users are able to see this median time. There’s 1 block delay.
- At N-th block, ChronoDAO collects/verify “submitted time”, then calc/returns “median time + avg-blocktime” to contract. (avg-blocktime is averaged blocktime calculated from more than 6 latest consequent blocks. This mitigates some attack vectors.)
Algorithm (Borrowed from RANDAO)
The first phase: collecting valid sha3(t)
Anyone who want to participate in the median time generation(MTG) needs to send a transaction to the contract C with m ETH as pledge in a specified time period (e.g, 6 block period, approximately 90s), accompanied by the result of sha3(t), t is the secret time respective picked by participant.
The second phase: collecting valid t
After the first phase, anyone who submitted sha3(t) successfully needs to send a transaction with the secret number t in the first stage to contract C within a specified time period. Contract C will check if t is valid by running sha3 against t and comparing the result with previous committed data. Valid t will be saved to the collection of seeds to finally generate the median time.
The third phase: calculating a median time, refund pledged ETH and bonus
- After all secret times have been successfully collected, contract C will calculate the median time from the “function getMedian(t1,t2,…,tn)”, the result will be written to the storage of C, and the result will be sent to all other contracts that requested the random number before.
- Contract C will send back the pledge to the participants in the first phase, and the profit is divided into equal parts and sent to all participants as an additional bonus. The profit comes from the fees that is paid by other contracts that consume the median time.
Attack Vector
- At N-1-th block, the median time from N-2-th block is visible
- Assume there’s careless app that the gamble result is depends on ChronoDAO time with below-blocktime unit
- If blockchain miners intensionally makes block generation faster or slower, they can game.
Mitigation
- getMedian() function must use “averaged blocktime” to fulfill the gap between “N-1-th time” and “N-th time”.
- At least 6 continuous blockheight backward from N-1th block must be averaged, and must be added to submitted time
- So the ChronoDAO based time will reflect that possible keep-being-manipulated time.
