The raffle process relies on block parameters and the caller's address to determine the winner and the NFT rarity, making it susceptible to manipulation.
A user could exploit this by making repeated calls through various accounts to improve their chances of winning or of obtaining a desired rarity. The randomness is weak and highly exploitable.
A savvy actor can essentially predict whether they will be the winner at a given block, and from there also easily determine the rarity of the NFT that will be minted to them. The WinnerSelect and rarity calculations are not different enough from one another to make this vector infeasible.
WinnerIndex relies on the calculation 'keccak256(abi.encodePacked(msg.sender, block.timestamp, block.difficulty))', and rarity relies on the calculation 'keccak256(abi.encodePacked(msg.sender, block.difficulty))'. Every input to both hashes is either chosen by the caller (msg.sender) or publicly observable on-chain (block.timestamp, block.difficulty), so the result can be computed before the transaction is sent.
This is a high-impact vulnerability.
It is trivial to bypass the Sybil-resistance mechanism (no duplicate addresses), so a motivated attacker with sufficient resources can essentially ensure that a key they control is selected as the winner, running simulations across the keys they control to see which key at which block satisfies the requirements.
This becomes a serious issue once the value of a high-rarity NFT is much greater than the entrance fee. It compromises the fairness of the lottery and could result in financial loss for other participants.
Manual review
Consider removing msg.sender from the randomness calculation, as it is an input the attacker can choose at will. Using a decentralized randomness source such as Chainlink VRF is highly recommended.
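The following is an added example of the recommended fix; it is not the audited project's code. It shows a raffle that requests its winner index and rarity roll from Chainlink VRF v2 instead of hashing msg.sender and block values. The contract, variable and function names (RaffleVRF, entrants, requestDraw, rarityFromWord), the rarity thresholds and the gas/confirmation constants are hypothetical, and the Chainlink import paths depend on the version of the @chainlink/contracts package installed.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

// Added example (not the audited contract). Names and constants are hypothetical.
// Import paths follow the current @chainlink/contracts layout; older releases
// place these files under src/v0.8/ and src/v0.8/interfaces/ instead.
import {VRFConsumerBaseV2} from "@chainlink/contracts/src/v0.8/vrf/VRFConsumerBaseV2.sol";
import {VRFCoordinatorV2Interface} from "@chainlink/contracts/src/v0.8/vrf/interfaces/VRFCoordinatorV2Interface.sol";

// Weak pattern from the finding, kept here only as a reference for what is replaced:
//   keccak256(abi.encodePacked(msg.sender, block.timestamp, block.difficulty))
// Every input is chosen by the caller or visible on-chain before the transaction is mined.
contract RaffleVRF is VRFConsumerBaseV2 {
    VRFCoordinatorV2Interface private immutable i_coordinator;
    bytes32 private immutable i_keyHash;
    uint64 private immutable i_subscriptionId;
    uint32 private constant CALLBACK_GAS_LIMIT = 200_000;   // hypothetical
    uint16 private constant REQUEST_CONFIRMATIONS = 3;      // hypothetical
    uint32 private constant NUM_WORDS = 2;                  // word 0: winner, word 1: rarity

    address[] public entrants;
    mapping(address => bool) public hasEntered;
    uint256 public immutable entranceFee;
    bool public drawPending;
    address public winner;
    uint8 public winnerRarity;

    event DrawRequested(uint256 indexed requestId, uint256 entrantCount);
    event WinnerSelected(address indexed winner, uint8 rarity, uint256 indexed requestId);

    constructor(address coordinator, bytes32 keyHash, uint64 subscriptionId, uint256 fee)
        VRFConsumerBaseV2(coordinator)
    {
        i_coordinator = VRFCoordinatorV2Interface(coordinator);
        i_keyHash = keyHash;
        i_subscriptionId = subscriptionId;
        entranceFee = fee;
    }

    // One entry per address, and no entries once a draw has been requested, so the
    // entrant set is frozen before the random words exist.
    function enter() external payable {
        require(!drawPending, "draw in progress");
        require(msg.value == entranceFee, "wrong entrance fee");
        require(!hasEntered[msg.sender], "already entered");
        hasEntered[msg.sender] = true;
        entrants.push(msg.sender);
    }

    // Asks the VRF coordinator for randomness. Nobody, including the caller, can know
    // the outcome when this transaction is sent; it is delivered in a later block.
    function requestDraw() external returns (uint256 requestId) {
        require(entrants.length > 0, "no entrants");
        require(!drawPending, "draw in progress");
        drawPending = true;
        requestId = i_coordinator.requestRandomWords(
            i_keyHash, i_subscriptionId, REQUEST_CONFIRMATIONS, CALLBACK_GAS_LIMIT, NUM_WORDS
        );
        emit DrawRequested(requestId, entrants.length);
    }

    // Reached only through VRFConsumerBaseV2.rawFulfillRandomWords, which reverts
    // unless msg.sender is the configured coordinator.
    function fulfillRandomWords(uint256 requestId, uint256[] memory randomWords) internal override {
        uint256 winnerIndex = randomWords[0] % entrants.length;
        winner = entrants[winnerIndex];
        winnerRarity = rarityFromWord(randomWords[1]);
        drawPending = false;
        emit WinnerSelected(winner, winnerRarity, requestId);
    }

    // Maps an unbiased random word to a rarity tier. Thresholds are hypothetical.
    function rarityFromWord(uint256 word) internal pure returns (uint8) {
        uint256 roll = word % 100;
        if (roll < 5) return 3;   // legendary, 5%
        if (roll < 25) return 2;  // rare, 20%
        return 1;                 // common, 75%
    }
}
```

Two design points matter here. First, winner and rarity are derived from separate random words, so neither outcome leaks information about the other. Second, the entrant set is closed before the randomness is requested and the callback is restricted to the coordinator, which removes the "try many keys and blocks" avenue entirely: the deployer only needs a funded VRF subscription with this contract registered as a consumer.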
Root cause: bad RNG. Impact: manipulate winner.