First Flight #10: One Shot

First Flight #10

Beginner FriendlyFoundryNFT

100 EXP

View results

Previous Next

Submission Details

Severity: high

Valid

weak PRNG

0xjarix

Summary

weak PRNG in _battle() that makes it possible for the defender to win any battle.

Vulnerability Details

in this line:
uint256 random =
uint256(keccak256(abi.encodePacked(block.timestamp, block.prevrandao, msg.sender))) % totalBattleSkill;
The defender already knows msg.sender since it is the address of the contract he's interacting with.
The defenfer already can decide the block.timestamp, since he's the one calling goOnStageOrBattle(), he can decide when to call it exactly.
The defender already knows totalBattleSkill since it's the sum of his skill and his opponent's
block.prevandao reads the RANDAO mix generated in the previous block. (prev block.difficulty)
random should be unknown to the sender, then the block.prevrandao is useless.

Impact

Defender can win any battle and gets defenderBet and _credBet

Tools Used

Slither

Recommendations

Use chainlink oracle for randomness

Updates

Lead Judging Commences

inallhonesty Lead Judge over 1 year ago

Submission Judgement Published

Validated

Assigned finding tags:

Weak Randomness

Rewards breakdown

nSLOC

201

This contest has a flat reward structure with the following payouts:

High

100 EXP

Medium

20 EXP

Low

2 EXP

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.