selectWinner relies on parameters that can be manipulated by the players/miners.
Line 129:
uint256 winnerIndex = uint256(keccak256(abi.encodePacked(msg.sender, block.timestamp, block.difficulty))) % players.length;
derives the winning index from block metadata, each element of which can be influenced or predicted to some extent:
block.timestamp, which can be manipulated by the miners within the bounds the network allows.
block.difficulty, which can be predicted to some extent; moreover, it adjusts only every 2016 blocks in Ethereum, so it stays constant for many blocks at a stretch.
msg.sender, which is constant for a given caller and therefore reveals part of the pattern to that caller.
Malicious players can therefore manipulate the outcome of the game.
Avoid using weak sources of randomness such as block.timestamp and other block metadata. For a more robust randomness solution in Solidity, consider using something like Chainlink VRF (Verifiable Random Function). Chainlink VRF provides provably random numbers that are verifiable on-chain and resistant to manipulation by any party, including miners.
Root cause: weak RNG
Impact: winner can be manipulated
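The following contract is an added example of the recommended fix, written for this note; it is not the audited project's code. It replaces the keccak256-over-block-metadata selection with a two-step Chainlink VRF v2 flow: the player set is frozen, a random word is requested from the coordinator, and the winner is picked only inside the coordinator's callback. The contract name, the entry fee, the constructor parameters and the exact import paths are assumptions for this example (the paths depend on the installed @chainlink/contracts version; the VRFConsumerBaseV2 and VRFCoordinatorV2Interface names are the real v2 API).

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

// Import paths are an assumption: adjust them to the @chainlink/contracts
// version installed in the project.
import {VRFConsumerBaseV2} from "@chainlink/contracts/src/v0.8/vrf/VRFConsumerBaseV2.sol";
import {VRFCoordinatorV2Interface} from "@chainlink/contracts/src/v0.8/vrf/interfaces/VRFCoordinatorV2Interface.sol";

// Example lottery (hypothetical name) whose winner is chosen from a VRF random word
// instead of keccak256(msg.sender, block.timestamp, block.difficulty).
contract VrfLottery is VRFConsumerBaseV2 {
    VRFCoordinatorV2Interface private immutable coordinator;
    uint64 private immutable subscriptionId;   // VRF subscription funded with LINK
    bytes32 private immutable keyHash;         // "gas lane" the coordinator should use
    uint32 private constant CALLBACK_GAS_LIMIT = 200_000;
    uint16 private constant REQUEST_CONFIRMATIONS = 3; // blocks to wait before fulfilment
    uint256 private constant ENTRY_FEE = 0.01 ether;   // assumed value for the example

    address public immutable owner;
    address[] public players;
    address public winner;
    uint256 public pendingRequestId; // non-zero while a draw is in flight

    event WinnerRequested(uint256 indexed requestId, uint256 playerCount);
    event WinnerSelected(address indexed winner, uint256 indexed requestId);

    constructor(address vrfCoordinator, uint64 subId, bytes32 gasLane)
        VRFConsumerBaseV2(vrfCoordinator)
    {
        coordinator = VRFCoordinatorV2Interface(vrfCoordinator);
        subscriptionId = subId;
        keyHash = gasLane;
        owner = msg.sender;
    }

    function enter() external payable {
        require(msg.value >= ENTRY_FEE, "entry fee");
        // Freeze the player set once a draw has been requested, so nobody can
        // change players.length (and thus the modulo) after the request.
        require(pendingRequestId == 0, "draw in progress");
        players.push(msg.sender);
    }

    // Step 1: request a random word. Nothing about the winner is decided here,
    // so neither the caller nor the block producer can steer the result.
    function requestWinner() external {
        require(msg.sender == owner, "not owner");
        require(players.length > 0, "no players");
        require(pendingRequestId == 0, "request pending");
        pendingRequestId = coordinator.requestRandomWords(
            keyHash,
            subscriptionId,
            REQUEST_CONFIRMATIONS,
            CALLBACK_GAS_LIMIT,
            1 // numWords
        );
        emit WinnerRequested(pendingRequestId, players.length);
    }

    // Step 2: the coordinator delivers the word. VRFConsumerBaseV2.rawFulfillRandomWords
    // enforces that only the configured coordinator can reach this function, and the
    // word carries an on-chain-verifiable proof, so it cannot be chosen by a player
    // or a miner.
    function fulfillRandomWords(uint256 requestId, uint256[] memory randomWords)
        internal
        override
    {
        require(requestId == pendingRequestId, "unknown request");
        // Modulo bias on a 256-bit word is negligible for any realistic player count.
        uint256 winnerIndex = randomWords[0] % players.length;
        address selected = players[winnerIndex];

        // Effects before interactions: reset state, then pay out.
        winner = selected;
        pendingRequestId = 0;
        delete players;
        emit WinnerSelected(selected, requestId);

        (bool ok, ) = selected.call{value: address(this).balance}("");
        require(ok, "payout failed");
    }
}
```

The important property is that the index is computed from a value that does not exist on-chain until the coordinator's callback runs, and that callback is gated by the base contract's coordinator check. Freezing players in enter() while a request is pending closes the remaining lever (changing players.length between request and fulfilment); the REQUEST_CONFIRMATIONS depth should be chosen with the chain's reorg behaviour in mind.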