The random
value used during ChoosingRam::selectRamIfNotSelected
can be influenced by a malicious validator, which can be abused to guarantee a specific address is set for selectedRam
.
ChoosingRam::selectRamIfNotSelected
determines the random
value by hashing two block attributes (block.timestamp
and block.prevrandao
). Of these values, block.prevrandao
is known beforehand, and block.timestamp
can be influenced by validators.
A block's block.timestamp
can be influenced by a malicious validator, resulting in a random
value that is not truly random. This can be abused to guarantee a specific NFT tokenId is chosen to set selectedRam
to a desired address for economic gain.
Manual Review
Use a better source of randomness, such as Chainlink VRF.
The organizer is trusted, but the function `ChoosingRam::selectRamIfNotSelected` uses a way to generate a random number that is not completely random.
The contest is live. Earn rewards by submitting a finding.
This is your time to appeal against judgements on your submissions.
Appeals are being carefully reviewed by our judges.