In the RapBattle::goOnStageOrBattle() function we can see that a malicious user could potentially front-run another user based on the defender's data that is available on chain. Alternatively, an MEV bot can rearrange the order of transactions so that someone else calls the function first, and then call RapBattle::goOnStageOrBattle() itself based on that data.
Here we can see that a single function is used both to get ready for a battle and to do the battle itself. Because weak randomness is used, this creates an opportunity for MEV bots to reorder transactions and simulate the possible outcome: when the contract is empty, both the user and the attacker call RapBattle::getReadyForBattle, and the MEV bot can look up the user's stats and reorder the transactions based on them.
The recommended mitigation is to use separate functions for separate actions, such as RapBattle::getOnStage() and RapBattle::battle(), which will help fight MEV.
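As an added illustration, not the audited project's code: the combined entry point the finding describes, sketched beside the split design it recommends. The storage layout, the bet handling, the block-derived randomness and the expectedDefender parameter on battle() are assumptions made here.

```solidity
pragma solidity ^0.8.20;

// Sketch written for this note: storage, bet handling and randomness are assumed,
// not taken from the audited contract. Credit/NFT ownership checks are omitted.
// Shape described in the finding: one entry point picks the caller's role.
contract RapBattleCombined {
    address public defender;
    uint256 public defenderBet;
    function goOnStageOrBattle(uint256 credBet) external {
        if (defender == address(0)) {
            // Caller becomes defender; their bet is now public on-chain data.
            defender = msg.sender;
            defenderBet = credBet;
        } else {
            // Caller is silently treated as challenger: if another transaction was
            // ordered ahead of this one, they now fight a defender they never chose.
            _battle(msg.sender, credBet);
        }
    }

    function _battle(address challenger, uint256 credBet) internal returns (address winner) {
        require(credBet == defenderBet, "bet mismatch");
        // Assumed weak randomness: every input is known before the tx is included.
        uint256 roll = uint256(keccak256(abi.encodePacked(block.timestamp, block.prevrandao, challenger)));
        winner = roll % 2 == 0 ? challenger : defender;
        defender = address(0);
        defenderBet = 0;
    }
}

// Recommended shape: each transaction states its intent and reverts instead of
// being re-interpreted when the mempool ordering changes.
contract RapBattleSplit {
    address public defender;
    uint256 public defenderBet;
    function getOnStage(uint256 credBet) external {
        require(defender == address(0), "stage already taken"); // revert, never battle
        defender = msg.sender;
        defenderBet = credBet;
    }
    function battle(address expectedDefender, uint256 credBet) external {
        require(defender != address(0), "nobody on stage");
        require(defender == expectedDefender, "defender changed"); // reject reordered state
        require(msg.sender != defender, "cannot battle yourself");
        require(credBet == defenderBet, "bet mismatch");
        // ...resolve the battle here; the randomness source needs its own fix...
        defender = address(0);
        defenderBet = 0;
    }
}
```

With the split design, a getOnStage() call that lands after someone else took the stage reverts rather than being converted into a battle, and battle() can reject a defender the challenger did not see when they signed. Splitting the functions does not by itself fix the block-derived randomness.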
Manual Review