First Flight #17: Dussehra
First Flight #17
Beginner FriendlyFoundryNFT
100 EXP
View results
Previous Next
Submission Details
Severity: low
Valid

WeakRandomness in `ChoosingRam::selectRamIfNotSelected`

nem0x001

WeakRandomness in ChoosingRam::selectRamIfNotSelected

Description:

The selectRamIfNotSelected function in the ChoosingRam contract uses a weak randomness mechanism that relies on block.timestamp, block.prevrandao, and msg.sender to determine the random outcome. This method of generating randomness is susceptible to manipulation by miners and other participants, compromising the fairness and security of the selection process.

Proof of Concept:

https://prnt.sc/0otWih7Qycgy

Recommended Mitigation:

  • Use chainlink VRF:https://docs.chain.link/vrf

Updates

Lead Judging Commences

bube Lead Judge about 1 year ago
Submission Judgement Published
Invalidated
Reason: Too generic
nem0x001 Submitter
about 1 year ago
bube Lead Judge
about 1 year ago
bube Lead Judge about 1 year ago
Submission Judgement Published
Validated
Assigned finding tags:

Weak randomness in `ChoosingRam::selectRamIfNotSelected`

The organizer is trusted, but the function `ChoosingRam::selectRamIfNotSelected` uses a way to generate a random number that is not completely random.

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.