The random value used during ChoosingRam::selectRamIfNotSelected can be influenced by a malicious validator, which can be abused to guarantee a specific address is set for selectedRam.
ChoosingRam::selectRamIfNotSelected derives its random value by hashing two block attributes, block.timestamp and block.prevrandao. Of these, block.prevrandao is known beforehand, and block.timestamp can be influenced by validators.
Because a malicious validator can influence a block's block.timestamp, the resulting value is not truly random. This can be abused to guarantee that a specific NFT tokenId is chosen, setting selectedRam to a desired address for economic gain.
Manual Review
Use a better source of randomness, such as Chainlink VRF.
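As an added example (not the audited project's code), the assumed shape of the weak selection described above sits beside a hardened version that requests its randomness from Chainlink VRF v2. The contract names, the candidate array, the import paths and the VRF parameters (key hash, subscription id, 3 confirmations, 200,000 gas callback limit) are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Import paths assume a recent @chainlink/contracts package layout.
import {VRFConsumerBaseV2} from "@chainlink/contracts/src/v0.8/vrf/VRFConsumerBaseV2.sol";
import {VRFCoordinatorV2Interface} from "@chainlink/contracts/src/v0.8/vrf/interfaces/VRFCoordinatorV2Interface.sol";

// Weak pattern (assumed reconstruction of the finding): both hash inputs are
// known to, or steerable by, the block proposer, so the index can be steered.
contract WeakChoosingRam {
    address[] public ramCandidates;
    address public selectedRam;

    constructor(address[] memory candidates) {
        require(candidates.length > 0, "no candidates");
        ramCandidates = candidates;
    }

    function selectRamIfNotSelected() external {
        require(selectedRam == address(0), "already selected");
        uint256 random = uint256(keccak256(abi.encodePacked(block.timestamp, block.prevrandao)));
        selectedRam = ramCandidates[random % ramCandidates.length];
    }
}

// Hardened pattern: randomness is requested from the VRF coordinator and only
// consumed in its callback, so no single validator controls the outcome.
contract VrfChoosingRam is VRFConsumerBaseV2 {
    VRFCoordinatorV2Interface private immutable i_coordinator;
    bytes32 private immutable i_keyHash;   // assumed: gas-lane key hash for the chain
    uint64 private immutable i_subId;      // assumed: funded VRF subscription id
    address[] public ramCandidates;
    address public selectedRam;
    uint256 public pendingRequestId;       // non-zero while a request is in flight

    constructor(address coordinator, bytes32 keyHash, uint64 subId, address[] memory candidates)
        VRFConsumerBaseV2(coordinator)
    {
        require(candidates.length > 0, "no candidates");
        i_coordinator = VRFCoordinatorV2Interface(coordinator);
        i_keyHash = keyHash;
        i_subId = subId;
        ramCandidates = candidates;
    }

    function selectRamIfNotSelected() external {
        require(selectedRam == address(0) && pendingRequestId == 0, "selected or pending");
        // 3 confirmations, 200k callback gas, 1 random word (assumed parameters).
        pendingRequestId = i_coordinator.requestRandomWords(i_keyHash, i_subId, 3, 200_000, 1);
    }

    // Called by the coordinator; the index is fixed only once the word arrives.
    function fulfillRandomWords(uint256 requestId, uint256[] memory randomWords) internal override {
        require(requestId == pendingRequestId, "unknown request");
        selectedRam = ramCandidates[randomWords[0] % ramCandidates.length];
        pendingRequestId = 0;
    }
}
```

The hardened contract keeps the same selectRamIfNotSelected entry point, but the selection can no longer be predicted or steered at call time because the winning index is computed in the asynchronous VRF callback.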
The organizer is trusted, but the function `ChoosingRam::selectRamIfNotSelected` generates its random number in a way that is not fully random.