Weak Randomness in RapBattle while obtaining the winner by using arbitrary or manipulative values
The function RapBattle::_battle
makes 2 NFTs battle and get a winner from it
However, the random factor that determines the winner is not completely random! Blockchain is deterministic!
You can exploit all block.timestamp, block.prevrandao and msg.sender!
Being able to manipulate the random number to win the battles
Manual Review, Slither
Using ChainlinkVRF to obtain a real random number off-chain
The contest is live. Earn rewards by submitting a finding.
This is your time to appeal against judgements on your submissions.
Appeals are being carefully reviewed by our judges.