First Flight #2: Puppy Raffle
First Flight #2
Beginner FriendlyFoundryNFT
100 EXP
View results
Previous Next
Submission Details
Severity: high
Valid

Bad RNG calculation cause the winner and the rarity to be predicted

davide

Summary

The RNG formula implemented in the PuppyRaffle#selectWinner() function for selecting the winner and the rarity is not following the best practices for generating random numbers on-chain causing the raffle to be corruptible.

Vulnerability Details

The PuppyRaffle#selectWinner() function is using two bad methods to calculate a random number.
In the following line of code is trying to generate a random index to select the winner but the tree values used for the hash msg.sender, block.timestamp and block.difficulty are all visible for the public and can be easily obtained and tried being the PuppyRaffle#selectWinner() callable by anyone being external

uint256 winnerIndex =
uint256(keccak256(abi.encodePacked(msg.sender, block.timestamp, block.difficulty))) % players.length;

Same thing also for the rarity calculation

uint256 rarity = uint256(keccak256(abi.encodePacked(msg.sender, block.difficulty))) % 100;

Anyone can call the function and see if the two parameters generate the rarity wanted.

Impact

Any player can use the PuppyRaffle#selectWinner() function predicting the outcome of the raffle making some tries until the best outcome for them is generated causing the raffle to be unfair.

Tools Used

Manual review.

Recommendations

Use Chainlink VRF to have a better RNG method and make the raffle correct.

Updates

Lead Judging Commences

Hamiltonite Lead Judge over 1 year ago
Submission Judgement Published
Validated
Assigned finding tags:

weak-randomness

Root cause: bad RNG Impact: manipulate winner

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.