Weak randomness because of msg.sender
, block.timestamp
, and block.prerandao
hash.
Hashing msg.sender
, block.timestamp
, and block.prerandao
together creates a predictable number. Malicious users can manipulate
these values or know them ahead of time to choose the winner of the raffle themselves
Validators can influence block.timestamp
Any user can influence the winner of the battle, and winning the money.
Consider using a cryptographically provable random number generator such as Chainlink VRF and do not use block.timestamp
The contest is live. Earn rewards by submitting a finding.
This is your time to appeal against judgements on your submissions.
Appeals are being carefully reviewed by our judges.