Time-synchronization attacks on phasor measurement units (PMUs) pose a real threat to smart grids; it was shown that they are feasible in practice and that they can have a nonnegligible negative impact on state estimation, without triggering the bad data detection mechanisms. Previous works identified vulnerability conditions when targeted PMUs measure a single phasor. Yet, PMUs are capable of measuring several quantities. We present novel vulnerability conditions in the general case, where PMUs measure any number of phasors and can share the same time reference. One is a sufficient condition that does not depend on the measurement values. We propose a security requirement that prevents it and provide a greedy offline algorithm that enforces it. If this security requirement is satisfied, there is still a possibility that the grid can be attacked, although we conjecture that it is very unlikely. We identify two sufficient and necessary vulnerability conditions, which depend on the measurement values. For each, we provide a metric that shows the distance between the observed and vulnerability conditions. We recommend their monitoring for security. Numerical results on the IEEE-39 bus benchmark with real load profiles show that the measurements of a grid satisfying our security requirement are far from vulnerable.