The winner in PuppyRaffle.sol is selected with a seemingly random number derived from a hash of the msg.sender address, block.timestamp and block.difficulty. This number is not random: it can be predicted off-chain, and it can even be manipulated in collaboration with the block validator.
Truly random sources do not exist on-chain, so random-looking numbers are produced by hashing seemingly unpredictable data. That data, however, is visible to everyone on chain, and because the function is callable by anyone, the outcome can be computed locally and the call submitted only once the attacker knows they will win. In addition, miners can collude to discard transactions in which the attacker does not win.
An attacker can therefore raise their chance of winning by monitoring the chain, computing the result off-chain, and submitting the selectWinner transaction only when it favours them, which defeats the protocol's goal of choosing a random winner. This attack is highly likely and completely breaks the purpose of the contract, so it is a high-risk vulnerability.
none
Sound randomness in a blockchain-based application is difficult to obtain, but several techniques make the attacks above less likely: requiring users to take part in a commit-reveal scheme, drawing randomness from an oracle, and so on. In general, the way the winner is selected needs to be redesigned entirely.
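As an added illustration of the commit-reveal approach recommended above (hypothetical example code, not PuppyRaffle's own contract): each entrant commits to a secret, reveals it in a later phase, and the winner index is derived from the combined revealed secrets. The contract name, phase durations and all function names are assumptions for this example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;
/// Hypothetical commit-reveal raffle (added example, not PuppyRaffle code).
/// Entrants commit keccak256(secret, sender), then reveal the secret; the seed is the
/// XOR of all revealed secrets, so no single party (or validator) can steer the draw alone.
contract CommitRevealRaffle {
    uint256 public immutable commitDeadline;
    uint256 public immutable revealDeadline;
    address[] public players;
    mapping(address => bytes32) public commitments;
    mapping(address => bool) public revealed;
    bytes32 private seed;
    uint256 public revealedCount;
    address public winner;
    constructor(uint256 commitDuration, uint256 revealDuration) {
        commitDeadline = block.timestamp + commitDuration;
        revealDeadline = commitDeadline + revealDuration;
    }
    // Commit phase: the entrant submits the hash of a secret chosen off-chain.
    function commit(bytes32 commitment) external {
        require(block.timestamp < commitDeadline, "commit phase over");
        require(commitments[msg.sender] == bytes32(0), "already committed");
        commitments[msg.sender] = commitment;
        players.push(msg.sender);
    }
    // Reveal phase: the secret must match the earlier commitment before it feeds the seed.
    function reveal(bytes32 secret) external {
        require(block.timestamp >= commitDeadline && block.timestamp < revealDeadline, "not reveal phase");
        require(!revealed[msg.sender], "already revealed");
        require(keccak256(abi.encodePacked(secret, msg.sender)) == commitments[msg.sender], "bad reveal");
        revealed[msg.sender] = true;
        revealedCount++;
        seed ^= secret;
    }
    // Finalisation: anyone may call it after the reveal window; non-revealers are excluded.
    function selectWinner() external {
        require(block.timestamp >= revealDeadline, "reveal phase not over");
        require(winner == address(0), "already selected");
        require(revealedCount > 0, "no reveals");
        // Draw only among entrants who revealed, so a withheld secret cannot bias the pool.
        address[] memory eligible = new address[](revealedCount);
        uint256 n;
        for (uint256 i = 0; i < players.length; i++) {
            if (revealed[players[i]]) eligible[n++] = players[i];
        }
        winner = eligible[uint256(keccak256(abi.encodePacked(seed))) % n];
    }
}
```

Caveat: the last entrant to reveal can compute the outcome and choose to withhold their secret, so production designs add a deposit that is forfeited on non-reveal, or use an oracle instead.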
Root cause: bad RNG. Impact: manipulated winner.