Submission Details
Severity: high
Valid

PuppyRaffle::selectWinner() - L128-L129: Increasing Randomness in Winner Selection for Improved Fairness.

Summary

PuppyRaffle::selectWinner() - L128-L129: Increasing Randomness in Winner Selection for Improved Fairness.

Vulnerability Details

The PuppyRaffle contract currently employs a method of selecting a winner based on a hash of on-chain data, which combines the sender's address, block timestamp, and block difficulty. While this method provides a degree of randomness, it lacks the level of verifiability and transparency that can be achieved with Chainlink VRF (Verifiable Random Function). Chainlink VRF is a secure and decentralized solution that offers provably random and verifiable outcomes, enhancing the fairness and trustworthiness of the winner selection process.

```solidity
uint256 winnerIndex =
    uint256(keccak256(abi.encodePacked(msg.sender, block.timestamp, block.difficulty))) % players.length;
```

Impact

LOW.

Tools Used

VSC.

Recommendations

To enhance the current raffle winner selection method, consider adding msg.sender nonces for improved randomness. However, for a more secure, transparent, and trustworthy solution, opt for Chainlink VRF. Chainlink VRF provides provably random and verifiable outcomes, ensuring fairness, security, and user trust.
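The request/callback shape that the Chainlink VRF recommendation implies, as an added example that is not part of the submission or of PuppyRaffle's code. The contract name `RaffleVrfSketch`, its state variables, the single-round design and the numeric request parameters are assumptions; the interface is a local copy of the Chainlink VRF v2 coordinator's `requestRandomWords` signature, and `rawFulfillRandomWords` is the callback entry point the v2 consumer base contract exposes.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

// Local copy of the one coordinator function used here (Chainlink VRF v2 signature).
interface IVRFCoordinatorV2 {
    function requestRandomWords(
        bytes32 keyHash,
        uint64 subId,
        uint16 minimumRequestConfirmations,
        uint32 callbackGasLimit,
        uint32 numWords
    ) external returns (uint256 requestId);
}

// Hypothetical single-round raffle: only the winner-selection path, not PuppyRaffle itself.
contract RaffleVrfSketch {
    IVRFCoordinatorV2 private immutable coordinator;
    bytes32 private immutable keyHash; // gas lane, chosen at deployment
    uint64 private immutable subId;    // funded VRF subscription id
    address[] public players;
    address public winner;
    uint256 public pendingRequestId;
    bool public closed;                // set once randomness has been requested

    constructor(address _coordinator, bytes32 _keyHash, uint64 _subId) {
        coordinator = IVRFCoordinatorV2(_coordinator);
        keyHash = _keyHash;
        subId = _subId;
    }

    function enter() external {
        require(!closed, "raffle closed"); // entrant set is frozen before the draw
        players.push(msg.sender);
    }

    // Step 1: request randomness. msg.sender, block.timestamp and
    // block.difficulty no longer feed the result.
    function selectWinner() external {
        require(!closed && players.length > 0, "cannot draw");
        closed = true;
        // 3 confirmations, 100_000 callback gas, 1 word: constructed sample values.
        pendingRequestId = coordinator.requestRandomWords(keyHash, subId, 3, 100_000, 1);
    }

    // Step 2: callback from the coordinator with the verified random word.
    function rawFulfillRandomWords(uint256 requestId, uint256[] memory randomWords) external {
        require(msg.sender == address(coordinator), "only coordinator");
        require(winner == address(0) && requestId == pendingRequestId, "unexpected request");
        winner = players[randomWords[0] % players.length];
    }
}
```

Closing entries before the request matters as much as the randomness source: if `players.length` could still change between request and fulfilment, the index would again depend on something a participant controls.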

Updates

Lead Judging Commences

Hamiltonite Lead Judge over 1 year ago
Submission Judgement Published
Validated
Assigned finding tags:

weak-randomness

Root cause: bad RNG
Impact: manipulate winner
