Submission Details
Severity:
Pseudorandom winner selection
Summary
Winner is chosen using predetermined parameters. Working out when to call selectWinner to land on a particular players index is feasible.
Vulnerability Details
Winner is not truly random and entrance could be engineered such that an expected outcome necessarily happens. The attacker could force a win.
Impact
The raffle cannot be trusted to fairly select a winner.
Tools Used
Manual Review
Recommendations
Implementation of chainlink VRF to provide verified random numbers would remove an attacker's ability to predict outcomes.
Updates
Lead Judging Commences
Hamiltonite almost 2 years ago
Submission Judgement Published Assigned finding tags:
weak-randomness
Root cause: bad RNG Impact: manipulate winner
Rewards breakdown
nSLOC
143This contest has a flat reward structure with the following payouts:
100 EXP
20 EXP
2 EXP
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.