Submission Details
Severity: high
Valid

The random number that determines the battle winner is not really random

Summary

In RapBattle.sol, the battle winner is determined by the 'uint256 random' variable, which is not truly random because it can be manipulated.

Vulnerability Details

uint256 random = uint256(keccak256(abi.encodePacked(block.timestamp, block.prevrandao, msg.sender))) % totalBattleSkill;
The random variable depends on the hash of three elements: block.timestamp, block.prevrandao and msg.sender. The values of these elements can be predicted (block.timestamp is the block number to be mined and block.prevrandao is related to the difficulty of mining the block), so the hash can be predicted as well.
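
An added example, not part of the original submission or of the project's code: a Foundry fuzz test showing that the roll is fully reproducible from its three inputs. RollHarness and the test names are hypothetical stand-ins; only the hash expression is taken from the finding.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {Test} from "forge-std/Test.sol";

// Hypothetical stand-in contract: only the roll expression comes from the finding.
contract RollHarness {
    function roll(uint256 totalBattleSkill) external view returns (uint256) {
        return uint256(
            keccak256(abi.encodePacked(block.timestamp, block.prevrandao, msg.sender))
        ) % totalBattleSkill;
    }
}

contract WeakRandomnessTest is Test {
    RollHarness internal harness;

    function setUp() public {
        harness = new RollHarness();
    }

    // Fuzzed over every input of the hash: the contract's "random" value always
    // equals a value computed beforehand from data visible outside the contract.
    function testFuzz_RollIsReproducible(
        uint64 timestamp,
        bytes32 prevrandao,
        address caller,
        uint256 totalBattleSkill
    ) public {
        totalBattleSkill = bound(totalBattleSkill, 1, type(uint256).max); // avoid % 0

        // Precompute the expected value without touching the contract.
        uint256 predicted = uint256(
            keccak256(abi.encodePacked(uint256(timestamp), uint256(prevrandao), caller))
        ) % totalBattleSkill;

        vm.warp(timestamp);        // sets block.timestamp
        vm.prevrandao(prevrandao); // sets block.prevrandao (EVM version paris or later)
        vm.prank(caller);          // sets msg.sender for the next call

        assertEq(harness.roll(totalBattleSkill), predicted);
    }
}
```

The test passes for every fuzzed combination, which confirms that the expression adds no entropy beyond its inputs.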

Impact

Predicting the hash means predicting who the winner will be, and any of the variables can be manipulated to change the random number and therefore the winner of the battle. This clearly allows miners to influence the battle and make the other player win in an unfair way.

Tools Used

Manual review.

Recommendations

In general, random numbers derived from the hash of predictable variables are not secure for protocols. The main recommendation to mitigate this issue is to use an off-chain service as an oracle, such as Chainlink VRF, which can truly provide a 100% reliable random number.
https://docs.chain.link/vrf

Updates

Lead Judging Commences

inallhonesty Lead Judge over 1 year ago
Submission Judgement Published
Validated
Assigned finding tags:

Weak Randomness
