TimeLockVault

TimeLockVault is a minimal Solidity contract deployed on December 20, 2015 by address 0x13ae03f074e247b41108b065438b8ee352dba0db. Its stated purpose was to lock ETH deposits for a fixed duration before allowing withdrawal. A single depositor sent 50 ETH into the contract on deployment day, setting a 20-year lock that nominally expires on December 15, 2035.

The contract stores deposits in a mapping of address to a struct containing a balance and an unlock timestamp. Sending ETH to the contract records the deposit and sets the unlock time to the current block timestamp plus a hardcoded duration of 630,720,000 seconds (exactly 20 years). The withdraw function is publicly callable but only sends funds to the caller if that caller has a recorded balance in the mapping.

The contract contains a critical logical error in the withdrawal condition. The check reads unlockTime > block.timestamp, meaning withdrawal is permitted only while the lock is still active, and blocked once the lock expires. The developer almost certainly intended the inverse: block.timestamp > unlockTime, which would allow withdrawal only after the lock period ends. As written, the function behaves in the opposite way intended: depositors can withdraw at any time before 2035, and the funds become permanently frozen after that date.

As of 2026, the 50 ETH remain in the contract. The original depositor has not withdrawn despite the window being open. Numerous third-party addresses attempted withdrawal between 2017 and 2026, all failing because they had no recorded balance in the mapping. The ETH will become permanently unrecoverable after December 2035 when the inverted condition permanently evaluates to false.