The code snippet represents a function for conducting battles between players in a game. However, it uses a flawed method to generate randomness, making the outcomes predictable rather than truly random.
The vulnerability lies in the method used to generate randomness for determining the outcome of the battle. The code utilizes keccak256 hashing of block data such as block.timestamp, block.prevrandao, and msg.sender to produce a pseudo-random number. However, block data can be manipulated or predicted by miners to some extent, compromising the randomness of the generated number. This makes the outcome of the battle susceptible to manipulation or exploitation by malicious actors.
Using non-truly-random generation undermines the fairness and trustworthiness of the game. Players could exploit this vulnerability to gain unfair advantages, causing financial losses and damaging the game's reputation.
##tool used
manual audit
To address this vulnerability, it's crucial to use a secure and decentralized source of randomness, such as Chainlink VRF. Integrating Chainlink VRF would ensure that battle outcomes are genuinely random, enhancing fairness and trust in the game.
The contest is live. Earn rewards by submitting a finding.
This is your time to appeal against judgements on your submissions.
Appeals are being carefully reviewed by our judges.