Severity: high
Valid

`ChoosingRam::increaseValuesOfParticipants` uses a weak PRNG to select a Ram, which can be influenced by miners.

Description
`ChoosingRam::increaseValuesOfParticipants` uses a weak PRNG due to a modulo on `block.timestamp`, `now` or `blockhash`. These values can be influenced by miners to some extent, so they should be avoided as a source of randomness. Because this function can be called many times in succession, 5 calls within the same block will return the same answer. A miner can influence these values to make sure that their token is the one selected to have its values increased, then call the function in succession within the same block.

```solidity
uint256 random =
    uint256(keccak256(abi.encodePacked(block.timestamp, block.prevrandao, msg.sender))) % 2;
```

Impact
Because this method of RNG can be influenced or predicted, the selection of a winner is not actually random, which falls short of best practice and creates an unfair environment for participants.

Proof of Concepts
Run the following test in any test suite:

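```solidity
// Place inside a Foundry test contract (forge-std provides `console`).
function testWeakRng() public view {
    uint256 badRandom;
    // Same expression as in ChoosingRam::increaseValuesOfParticipants.
    badRandom = uint256(keccak256(abi.encodePacked(block.timestamp, block.prevrandao, msg.sender))) % 2;
    console.log(badRandom);
}
```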

When running the test multiple times, the same answer of 0 was returned. Without calling `vm.warp` and modifying the `block.timestamp`, this calculation will always return the same result.

For further context, see the following Slither documentation:

https://github.com/crytic/slither/wiki/Detector-Documentation#weak-PRNG
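The logging test above can be turned into assertions. The following Foundry test is an added example, not part of the original submission or the audited code base: `WeakRngDemo`, `draw`, the `caller` address and the timestamp are hypothetical names and constructed values, and the contract copies only the expression quoted in the Description.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {Test} from "forge-std/Test.sol";

// Hypothetical stand-in: reproduces only the expression quoted in the finding,
// not the rest of ChoosingRam.
contract WeakRngDemo {
    function draw() external view returns (uint256) {
        return uint256(keccak256(abi.encodePacked(block.timestamp, block.prevrandao, msg.sender))) % 2;
    }
}

contract WeakRngDeterminismTest is Test {
    WeakRngDemo internal demo;
    address internal caller = makeAddr("caller"); // constructed test address

    function setUp() public {
        demo = new WeakRngDemo();
        vm.warp(1_700_000_000); // constructed block timestamp
    }

    // Within one block, the same sender always gets the same result,
    // so repeated calls add no entropy.
    function testSameBlockSameResult() public {
        vm.startPrank(caller);
        uint256 first = demo.draw();
        for (uint256 i = 0; i < 5; i++) {
            assertEq(demo.draw(), first);
        }
        vm.stopPrank();
    }

    // The result depends only on values visible to every caller in the block,
    // so it can be recomputed outside the contract before the call is made.
    function testResultIsRecomputableFromPublicInputs() public {
        uint256 expected =
            uint256(keccak256(abi.encodePacked(block.timestamp, block.prevrandao, caller))) % 2;
        vm.prank(caller);
        assertEq(demo.draw(), expected);
    }
}
```

Both tests passing confirms the property the finding relies on; a randomness source fit for this purpose would make the second test impossible to write.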

Recommended Mitigation
Consider using Chainlink VRF as this is a cryptographically proven way of choosing a random number.

Updates

Lead Judging Commences

bube Lead Judge over 1 year ago
Submission Judgement Published
Validated
Assigned finding tags:

Weak randomness in `ChoosingRam::increaseValuesOfParticipants`
