H-4: In the "selectWinner" function, the calculation of the rarity is not truly randomly generated.
Summary
HIGH-4: In the "selectWinner" function, the calculation of the rarity is not truly randomly generated.
uint256 rarity = uint256(keccak256(abi.encodePacked(msg.sender, block.difficulty))) % 100;
Vulnerability Details
Similar to H-3, the winnerIndex creates a keccak256 hash of two variables. msg.sender (the address of the caller of the function), and block.difficulty to determine the rarity of the NFT. Both these variables can be retrieved from the chain or are known to the sender. The hashing algorithm is also a publically available program that can help malicious users determine when to call the function to be obtain any NFT they want.
Impact
Potential to bend the contract to the attackers will, making him win NFTs by knowing the result of the calculation in advance.Such vulnerability impacts the chances set for winning individual NFTs.
Tools Used
Static analysis, local testing
Recommendations
Best practice would be using oracles - off-chain system for providing random data with low/no risk of being manipulated. Alternativelly, including the block nonce in the hashing process might help mitigating the risk, because nonce is being as close on the chain as it gets.
Lead Judging Commences
weak-randomness
Root cause: bad RNG Impact: manipulate winner
Rewards breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.