The raffle protocol selects the winner from the hash of the encoded values of msg.sender, block.timestamp, and block.difficulty. This approach is implemented with the following code:
Although the protocol hashes these inputs with keccak256, using msg.sender, block.timestamp, and block.difficulty as sources of randomness leaves the result open to manipulation and guessing: each input is known to, or influenced by, the caller or the block proposer before the transaction is mined. The combination of these factors can compromise the integrity of the winner selection process.
After the consensus change, the old block.difficulty opcode, which previously returned the current block's Proof of Work difficulty, was kept for backward compatibility and now returns the PREVRANDAO value. PREVRANDAO is not truly random: validators know this value when proposing new blocks and can influence it, so a validator can predict the pseudo-random value used in the smart contract's logic and compromise the fairness of the raffle.
Manual code review
To ensure the integrity and fairness of the raffle, it is strongly advised to employ off-chain mechanisms for generating random numbers, such as using secure and decentralized oracles like Chainlink. Implementing such off-chain solutions can significantly increase the security and reliability of the protocol, mitigating the risks associated with predictable pseudo-random number generation.
Root cause: bad RNG Impact: manipulate winner