Submission Details
Severity: medium
Valid

People can wait for a tokenId to get a certain NFT

Summary

Because token assignment is based on a deterministic pattern, the distribution of unique assets is predictable. This predictability allows users to wait for a specific tokenId to mint an NFT that is perceived to be more valuable, potentially leading to market manipulation and unfair advantages.

Vulnerability Details

In contracts where the token URI is derived from a deterministic pattern, such as using a modulo operation to map token IDs to a specific set of URIs, users can predict which NFT they will receive based on the token ID. This defeats the intended randomness in how these NFTs are assigned.

Impact

Unfair Advantage: Users can wait for or reserve specific token IDs to get a desired NFT, creating an unfair advantage and undermining the concept of random or fair distribution.
Market Distortion: When people can predict and target specific token IDs, it can lead to artificial scarcity or inflated value for certain NFTs, distorting the market.

Tools Used

Manual review

Recommendations

Use Chainlink VRF to generate a random number for each user and avoid any type of MEV attack.
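
The weak pattern described in this finding, beside a request/callback mint of the kind the recommendation calls for, as an added example (not code from the audited contract or from this submission). The contract, its names, the variant count and the VRF parameters are hypothetical, and the coordinator interface is an assumed minimal view of Chainlink VRF v2.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

// Assumed minimal view of the Chainlink VRF v2 coordinator (only the call used here).
interface IVRFCoordinatorV2 {
    function requestRandomWords(bytes32 keyHash, uint64 subId, uint16 minimumRequestConfirmations,
        uint32 callbackGasLimit, uint32 numWords) external returns (uint256 requestId);
}

// Hypothetical contract: names, VARIANTS and the VRF parameters are illustrative.
contract RandomVariantMint {
    uint256 public constant VARIANTS = 3;
    IVRFCoordinatorV2 public immutable coordinator;
    bytes32 public immutable keyHash;
    uint64 public immutable subId;

    uint256 public nextTokenId = 1; // 0 is reserved to mean "unknown request"
    mapping(uint256 => address) public ownerOf;
    mapping(uint256 => uint256) public variantOf; // written only by the VRF callback
    mapping(uint256 => bool) public revealed;     // false until variantOf is final
    mapping(uint256 => uint256) private requestToToken;

    constructor(address coordinator_, bytes32 keyHash_, uint64 subId_) {
        coordinator = IVRFCoordinatorV2(coordinator_);
        keyHash = keyHash_;
        subId = subId_;
    }

    // Weak pattern from the finding: the variant is a pure function of the public
    // counter, so the outcome of the next mint is known before anyone mints.
    function predictableVariant(uint256 tokenId) public pure returns (uint256) {
        return tokenId % VARIANTS;
    }

    // Hardened mint: ownership is fixed first, the variant is not chosen in this transaction.
    function mint() external returns (uint256 tokenId) {
        tokenId = nextTokenId++;
        ownerOf[tokenId] = msg.sender;
        uint256 requestId = coordinator.requestRandomWords(keyHash, subId, 3, 100_000, 1);
        requestToToken[requestId] = tokenId;
    }

    // Callback invoked by the coordinator after it has verified the VRF proof.
    function rawFulfillRandomWords(uint256 requestId, uint256[] memory randomWords) external {
        require(msg.sender == address(coordinator), "only coordinator");
        uint256 tokenId = requestToToken[requestId];
        require(tokenId != 0 && !revealed[tokenId], "unknown or already revealed");
        revealed[tokenId] = true;
        variantOf[tokenId] = randomWords[0] % VARIANTS;
    }
}
```

A token URI function built on this should return a placeholder until `revealed[tokenId]` is true, so the variant is never derivable from the token ID alone.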

Updates

Lead Judging Commences

inallhonesty Lead Judge about 1 year ago
Submission Judgement Published
Validated
Assigned finding tags:

NFTs are not random
