The NFTs are expected to be random and equally distributed. In practice the selection is not random: the NFT that will be minted can be predicted on-chain, because the selection uses parameters that are deterministic within the same transaction.
In addition, the NFT distribution is not equal: `ART_FOUR` has a much higher probability of being minted because the range of `modNumber` values assigned to `ART_FOUR` is much wider.
The vulnerability is in the `MondrianWallet::tokenURI` function, which selects the NFT from a value that is not actually random. The value is deterministic within the minting transaction, so users can mint the NFT of their choice.
The parameters used for random number generation are `tokenId` and `10`. `tokenId` is the id of the token that will be minted and is available to the caller, and `10` is a constant. The result can therefore be easily predicted and is not random.
In addition, the NFTs are not equally likely: `ART_FOUR` has a much higher probability of being minted than the other NFTs. This is because every NFT is chosen from `modNumber`, which is obtained as `tokenId` modulo 10 and therefore lies in the range 0-9.
Below is the criteria (ART to modNumber)
Therefore, the probability for `ART_ONE`, `ART_TWO` and `ART_THREE` is 1/10 each, but for `ART_FOUR` it is 7/10, so they do not follow an equal distribution.
NFTs are not random and do not follow an equal distribution.
Manual Review
Use the Chainlink VRF service to obtain the randomness, and correct the criteria that determine the distribution.
After getting the random number, take it modulo 4; every NFT then has an equal probability of 1/4.
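The skew and the effect of the recommended modulo 4 can be checked with a small model. This is an added Python example, not the contract's code: the `modNumber`-to-ART mapping (0, 1, 2 for the first three arts, 3-9 for `ART_FOUR`) is an assumption consistent with the probabilities above, and `secrets.randbits` only stands in for a VRF random word.

```python
from collections import Counter
from fractions import Fraction
import secrets

ARTS = ("ART_ONE", "ART_TWO", "ART_THREE", "ART_FOUR")


def art_current(token_id: int) -> str:
    """Model of the reported selection: modNumber = tokenId % 10.

    Assumed mapping (the criteria table is not reproduced here):
    0 -> ART_ONE, 1 -> ART_TWO, 2 -> ART_THREE, 3..9 -> ART_FOUR.
    """
    mod_number = token_id % 10
    return ARTS[mod_number] if mod_number < 3 else "ART_FOUR"


def art_fixed(random_word: int) -> str:
    """Recommended selection: an unpredictable word reduced modulo 4."""
    return ARTS[random_word % 4]


def distribution(select, inputs) -> dict:
    """Exact share of each art when `select` is applied to every input."""
    inputs = list(inputs)
    counts = Counter(select(i) for i in inputs)
    return {art: Fraction(counts[art], len(inputs)) for art in ARTS}


def modulo_bias(bits: int, modulus: int) -> int:
    """How many residues occur one extra time when a uniform `bits`-bit
    word is reduced by `modulus`; 0 means the reduction is exactly uniform."""
    return (1 << bits) % modulus


if __name__ == "__main__":
    # Current scheme: the outcome is a pure function of the known tokenId.
    print("current:", distribution(art_current, range(1000)))
    # Fixed scheme, checked exhaustively over every 8-bit word.
    print("fixed:  ", distribution(art_fixed, range(256)))
    # Stand-in for a VRF word (assumption: the real value comes from the oracle).
    print("sample: ", art_fixed(secrets.randbits(256)))
    # A 256-bit word reduces to 4 outcomes without bias; 10 outcomes would not.
    print("bias %4:", modulo_bias(256, 4), " bias %10:", modulo_bias(256, 10))
```

Because 4 divides 2^256, reducing a uniform 256-bit word modulo 4 introduces no modulo bias, which is not true for a modulus of 10.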