The source of randomness for rarity can be gamed/brute forced to achieve a desired outcome.
Using msg.sender and block.difficulty as a source of randomness is not advised, since both values are known before the transaction is sent and the outcome can be manipulated. An attacker can use this bad source of randomness to ensure that, once they are selected as the winner, they also obtain the highest-rarity NFT.
The rarity is currently generated as below:
These values are readily available to miners and to the caller, so an attacker can retry (brute force) until they achieve a desirable result.
An attack path for an attacker to retry the result of bad randomness can look something similar to this:
The attack requires the attacker to repeatedly call the attack function with the known inputs and the output they wish for, until the results match, and only then continue the call into the Raffle contract.
An attacker can ensure that they are the one selected as the winner of the raffle and obtain the highest-rarity NFT by repeatedly attacking the contract until the desired outcome is reached, finally obtaining both the NFT and the prize pool.
Manual review
Consider using a decentralized oracle for the generation of random numbers, such as Chainlink's VRF.
Consider using a commit-reveal scheme, such as drawing from the blockhash of a future block; it is less gameable, but not foolproof.
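The following contract is an added illustration for the second recommendation and is not the audited raffle's code; the contract name, the DRAW_DELAY value, the 0..99 rarity scale and the function names are assumptions. It places the gameable pattern from the finding (hashing msg.sender and block.difficulty in the same transaction) next to a draw keyed on the hash of a block that did not yet exist when entries closed.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

/// Added illustration (hypothetical contract, not the audited raffle).
/// Entries are closed in one transaction, which fixes a future block as the
/// entropy source; the draw happens in a later transaction once that block exists.
contract RaffleDrawExample {
    uint256 public constant DRAW_DELAY = 20;        // assumed gap between close and draw
    uint256 public constant BLOCKHASH_WINDOW = 256; // the EVM only serves the last 256 block hashes

    address[] public players;
    uint256 public drawBlock; // 0 while entries are open
    address public winner;
    uint256 public rarity;    // 0..99, higher = rarer (assumed scale)

    function enter() external payable {
        require(drawBlock == 0, "entries closed");
        players.push(msg.sender);
    }

    // WEAK: the pattern the finding describes. Every input is known to the caller
    // before the transaction is sent, so the call can be retried until it wins.
    function weakRarity() internal view returns (uint256) {
        return uint256(keccak256(abi.encodePacked(msg.sender, block.difficulty))) % 100;
    }

    // Step 1: close entries and commit to a block that has not been mined yet.
    function close() external {
        require(drawBlock == 0, "already closed");
        require(players.length > 0, "no players");
        drawBlock = block.number + DRAW_DELAY;
    }

    // Step 2: draw in a separate, later transaction. Nobody could see
    // blockhash(drawBlock) when close() fixed it, and the draw transaction
    // itself contributes no caller-controlled input to the seed.
    function draw() external {
        require(drawBlock != 0 && block.number > drawBlock, "draw block not reached");
        require(winner == address(0), "already drawn");
        // blockhash() returns 0 for blocks older than 256; never draw on a zero seed.
        require(block.number <= drawBlock + BLOCKHASH_WINDOW, "draw window expired");
        bytes32 seed = blockhash(drawBlock);
        require(seed != bytes32(0), "no blockhash available");

        // Derive independent values for the two decisions from the one seed.
        winner = players[uint256(keccak256(abi.encode(seed, "winner"))) % players.length];
        rarity = uint256(keccak256(abi.encode(seed, "rarity"))) % 100;
    }
}
```

This keeps the "not foolproof" caveat visible: a block producer who dislikes the hash of drawBlock can still choose not to publish that block, and if no one calls draw() within 256 blocks the seed is lost and a real design needs a path to re-close. A VRF oracle removes both concerns, which is why it is the first recommendation.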
Root cause: bad RNG. Impact: manipulate winner.