The selectWinner function in the PuppyRaffle smart contract relies on predictable and manipulable on-chain data such as block.timestamp, block.difficulty, and msg.sender for random number generation, leading to an insecure RNG vulnerability. Attackers could exploit this weakness to influence the outcome of the raffle and unfairly increase their chances of winning or receiving a rarer NFT.
msg.sender: The address of the caller. An attacker can manipulate this by creating and using multiple addresses.
block.timestamp: The timestamp of the current block. Miners have some leeway to manipulate this value.
block.difficulty: The difficulty of the current block. While this is harder to manipulate, it is still predictable.
Manipulation of Results: Attackers can influence the outcome of the raffle by manipulating the on-chain data used for RNG, such as the msg.sender, block.timestamp, and block.difficulty. This allows them to increase their chances of winning or receiving a rarer NFT.
Tools used: Foundry, manual review.
Use of Secure RNG Services: Implement secure and reliable random number generation services. You can use established RNG services like Chainlink VRF (Verifiable Random Function), which provides cryptographically secure random numbers that are verifiable on-chain.
Remove Dependency on On-Chain Data: Avoid using on-chain data such as block.timestamp, block.difficulty, and msg.sender for RNG, as these can be manipulated by miners or participants to influence the outcome.
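To make the two recommendations concrete, the following is an added example (not the audited PuppyRaffle source and not Chainlink's code): a hypothetical reconstruction of the weak selectWinner pattern described above, followed by a hardened form that draws the winner from a Chainlink VRF v2 callback. The Chainlink import paths are assumed to match the @chainlink/contracts 0.8.x layout; the coordinator address, keyHash and subscription id are deployment parameters.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.18;
// Import paths assume @chainlink/contracts 0.8.x; adjust to the installed version.
import {VRFConsumerBaseV2} from "@chainlink/contracts/src/v0.8/vrf/VRFConsumerBaseV2.sol";
import {VRFCoordinatorV2Interface} from "@chainlink/contracts/src/v0.8/vrf/interfaces/VRFCoordinatorV2Interface.sol";

// Weak pattern from the finding (hypothetical reconstruction): every hash input is
// either public before the transaction runs or chosen by the caller, so the index is predictable.
contract WeakRaffle {
    address[] public players;
    function selectWinner() external {
        uint256 winnerIndex = uint256(
            keccak256(abi.encodePacked(msg.sender, block.timestamp, block.difficulty))
        ) % players.length;
        address winner = players[winnerIndex];
        delete players;
        (bool ok,) = winner.call{value: address(this).balance}("");
        require(ok, "payout failed");
    }
}

// Hardened form: the random word is produced off-chain by Chainlink VRF, verified on-chain by the
// coordinator, and delivered in a separate callback, so neither caller nor block producer steers it.
contract VrfRaffle is VRFConsumerBaseV2 {
    VRFCoordinatorV2Interface private immutable i_coordinator;
    bytes32 private immutable i_keyHash;
    uint64 private immutable i_subId;
    address[] public players;
    bool public drawPending; // blocks a second request while one is in flight

    constructor(address coordinator, bytes32 keyHash, uint64 subId) VRFConsumerBaseV2(coordinator) {
        i_coordinator = VRFCoordinatorV2Interface(coordinator);
        i_keyHash = keyHash;
        i_subId = subId;
    }

    function requestWinner() external {
        require(!drawPending, "draw in progress");
        require(players.length > 0, "no players");
        drawPending = true;
        // 3 confirmations, 200k callback gas, 1 random word
        i_coordinator.requestRandomWords(i_keyHash, i_subId, 3, 200_000, 1);
    }

    // Only the VRF coordinator can reach this (enforced by VRFConsumerBaseV2.rawFulfillRandomWords).
    function fulfillRandomWords(uint256, uint256[] memory randomWords) internal override {
        address winner = players[randomWords[0] % players.length];
        delete players;
        drawPending = false;
        (bool ok,) = winner.call{value: address(this).balance}("");
        require(ok, "payout failed");
    }
}
```

Note that the fix changes the flow from a single transaction to request-then-callback; a Foundry test of the hardened contract would mock the coordinator and call fulfillRandomWords through it rather than expecting the winner in the same call.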
Root cause: bad RNG. Impact: manipulate winner.