The selectWinner function is vulnerable to front-running attacks. Specifically, by observing a legitimate transaction that invokes this function in the mempool, an attacker can preemptively send their own transaction with a higher gas fee to manipulate the outcome of the winner selection and possibly profit from the subsequent prize distribution.
The function uses msg.sender, block.timestamp, and block.difficulty as seed values for the keccak256 hash function to generate "randomness". However, two of these values (msg.sender and block.timestamp) can be controlled or influenced by the attacker, especially when they are front-running.
Since Ethereum miners prioritize transactions offering higher gas fees, an attacker can observe the selectWinner transaction in the mempool and send a similar transaction with a higher gas price. By doing so, the attacker ensures that their transaction is mined before the original one.
By preempting the original transaction, the attacker's transaction becomes the one to set the block.timestamp and uses the attacker's address for msg.sender, which in turn influences the outcome of the winner selection.
Unfair Winner Selection
Employ services like Chainlink VRF (Verifiable Random Function) which provide on-chain verifiable randomness that is hard to manipulate.
Commit-Reveal techniques
zk-solutions
Batching providers like Flashbots, etc.
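The commit-reveal technique listed above, sketched as a Solidity contract. This is an added example, not code from the audited contract or from the finding's author; the contract name, the fee, and the phase durations are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added example with hypothetical names; not the audited raffle contract.
contract CommitRevealRaffle {
    uint256 public constant FEE = 0.1 ether;      // assumed entry fee
    uint256 public immutable commitEnd;
    uint256 public immutable revealEnd;
    mapping(address => bytes32) public commitOf;
    address[] public eligible;                     // players who revealed in time
    bytes32 public seed;                           // mix of all revealed secrets
    bool public drawn;

    constructor(uint256 commitSecs, uint256 revealSecs) {
        commitEnd = block.timestamp + commitSecs;
        revealEnd = commitEnd + revealSecs;
    }

    // Phase 1: commitment = keccak256(abi.encodePacked(player, secret)).
    // Binding msg.sender into the hash makes a copied commitment useless.
    function enter(bytes32 commitment) external payable {
        require(block.timestamp < commitEnd, "commit phase closed");
        require(msg.value == FEE, "wrong fee");
        require(commitment != bytes32(0) && commitOf[msg.sender] == bytes32(0), "bad or duplicate entry");
        commitOf[msg.sender] = commitment;
    }

    // Phase 2: open the commitment. Secrets only become public once no new
    // entries are possible, so seeing one in the mempool gives no edge.
    function reveal(bytes32 secret) external {
        require(block.timestamp >= commitEnd && block.timestamp < revealEnd, "not reveal phase");
        require(commitOf[msg.sender] == keccak256(abi.encodePacked(msg.sender, secret)), "commitment mismatch");
        delete commitOf[msg.sender];               // one reveal per entry
        seed = keccak256(abi.encodePacked(seed, secret));
        eligible.push(msg.sender);
    }

    // Phase 3: anyone may call; msg.sender, block.timestamp and transaction
    // ordering no longer feed the result. Non-revealers forfeit their fee.
    function selectWinner() external returns (address winner) {
        require(block.timestamp >= revealEnd, "reveal phase open");
        require(!drawn && eligible.length > 0, "nothing to draw");
        drawn = true;                              // state change before the external call
        winner = eligible[uint256(seed) % eligible.length];
        (bool ok, ) = winner.call{value: address(this).balance}("");
        require(ok, "payout failed");
    }
}
```

The last player to reveal can still compute the result before revealing and may withhold at the cost of the forfeited fee. A VRF, as in the first recommendation, removes that residual bias.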
Root cause: bad RNG
Impact: manipulate winner