Severity: high
Valid

Predictable Random Number Generation (Miner Manipulability + Lack of Fairness)

Summary

The RapBattle contract uses a pseudo-random number generation technique that relies on block.timestamp, block.prevrandao, and msg.sender to determine the outcome of a battle. This method is considered weak and can be exploited by miners or validators, as they have some control over the block.timestamp and can potentially manipulate transaction ordering to achieve a desired outcome.

Vulnerability Details

A miner or validator, upon seeing a profitable outcome, could manipulate the block.timestamp within a certain range and choose whether or not to include a transaction in a block based on whether it results in a favorable outcome. This could be done by simulating the outcome off-chain before deciding on the actual block content.

Impact

The predictability and manipulability of the random number generation can lead to unfair battles, where the outcome may be influenced by miners or validators rather than being truly random. This compromises the integrity of the game and can result in a loss of trust from the players.

Tools Used:

Slither
Manual review

Recommendations

Replace the current pseudo-random number generation with a decentralized random number generator (RNG) such as Chainlink VRF (Verifiable Random Function). Chainlink VRF provides cryptographic proof of the randomness that can be verified on-chain, ensuring that the outcome is fair and cannot be tampered with by any party.
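The request-and-callback pattern recommended above, as an added sketch (not code from the audited RapBattle contract or from this submission). `FairBattle`, `startBattle`, `defenderOdds` and the events are hypothetical names; `IVRFCoordinatorV2` is a minimal local copy of the one Chainlink VRF v2 coordinator function used, and the confirmation count and callback gas limit are assumed values.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Minimal local copy of the one Chainlink VRF v2 coordinator function used here.
interface IVRFCoordinatorV2 {
    function requestRandomWords(
        bytes32 keyHash, uint64 subId, uint16 minimumRequestConfirmations,
        uint32 callbackGasLimit, uint32 numWords
    ) external returns (uint256 requestId);
}

// Hypothetical contract for illustration, not the audited RapBattle code.
contract FairBattle {
    struct Battle { address defender; address challenger; uint8 defenderOdds; }

    IVRFCoordinatorV2 private immutable coordinator;
    bytes32 private immutable keyHash; // gas lane, network-specific
    uint64 private immutable subId;    // funded VRF subscription
    mapping(uint256 => Battle) private pending; // requestId => battle awaiting randomness

    event BattleRequested(uint256 indexed requestId, address defender, address challenger);
    event BattleResolved(uint256 indexed requestId, address winner);

    constructor(address _coordinator, bytes32 _keyHash, uint64 _subId) {
        coordinator = IVRFCoordinatorV2(_coordinator);
        keyHash = _keyHash;
        subId = _subId;
    }

    // Step 1: lock in participants and odds, then ask for randomness.
    // Weak pattern this replaces (assumed shape, from the inputs named in the summary):
    //   uint256(keccak256(abi.encodePacked(block.timestamp, block.prevrandao, msg.sender)))
    function startBattle(address defender, uint8 defenderOdds) external returns (uint256 requestId) {
        require(defenderOdds <= 100, "odds are a percentage");
        requestId = coordinator.requestRandomWords(keyHash, subId, 3, 100_000, 1);
        pending[requestId] = Battle(defender, msg.sender, defenderOdds);
        emit BattleRequested(requestId, defender, msg.sender);
    }

    // Step 2: the coordinator calls back after verifying the VRF proof on-chain.
    function rawFulfillRandomWords(uint256 requestId, uint256[] memory randomWords) external {
        require(msg.sender == address(coordinator), "only coordinator");
        Battle memory b = pending[requestId];
        require(b.challenger != address(0), "unknown request");
        delete pending[requestId]; // each request settles exactly once
        address winner = (randomWords[0] % 100) < b.defenderOdds ? b.defender : b.challenger;
        emit BattleResolved(requestId, winner);
    }
}
```

Because the battle's participants and odds are stored before the random word exists, and the word arrives in a later transaction from the coordinator, neither the caller nor the block producer can evaluate the outcome at the time the battle is started.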

Updates

Lead Judging Commences

inallhonesty Lead Judge over 1 year ago
Submission Judgement Published
Validated
Assigned finding tags:

Weak Randomness
