Submission Details
Severity:
Bad randomness in 'ChoosingRam__increaseValuesOfParticipants'
Summary
Bad randomness in this function.
Vulnerability Details
In this function the values of a NFT are updated based on the input of a bad randomness.
PoC
function test_canIncreaseValuesOfPartcipants_badRandomness() public {
vm.startPrank(address(this));
ramNft.setChoosingRamContract(address(choosingRam));
vm.stopPrank();
address casualAddress1 = address(123);
vm.startPrank(casualAddress1);
ramNft.mintRamNFT(casualAddress1);
vm.stopPrank();
address casualAddress2 = address(124);
vm.startPrank(casualAddress2);
ramNft.mintRamNFT(casualAddress2);
vm.stopPrank();
address casualAddress3 = address(125);
vm.startPrank(casualAddress3);
ramNft.mintRamNFT(casualAddress3);
address casualAddress4 = address(126);
vm.startPrank(casualAddress4);
ramNft.mintRamNFT(casualAddress4);
//Calling functions with 'casualAddress4'
uint256 random =
uint256(keccak256(abi.encodePacked(block.timestamp, block.prevrandao, casualAddress4))) % 2;
choosingRam.increaseValuesOfParticipants(3, 0);
if(random == 0){
assertEq(ramNft.getCharacteristics(3).isJitaKrodhah, true);
assertEq(ramNft.getCharacteristics(3).isDhyutimaan, false);
assertEq(ramNft.getCharacteristics(3).isVidvaan, false);
assertEq(ramNft.getCharacteristics(3).isAatmavan, false);
assertEq(ramNft.getCharacteristics(3).isSatyavaakyah, false);
address _selectedRam = choosingRam.selectedRam();
assertEq(_selectedRam, 0x0000000000000000000000000000000000000000);
} else {
assertEq(ramNft.getCharacteristics(0).isJitaKrodhah, true);
assertEq(ramNft.getCharacteristics(0).isDhyutimaan, false);
assertEq(ramNft.getCharacteristics(0).isVidvaan, false);
assertEq(ramNft.getCharacteristics(0).isAatmavan, false);
assertEq(ramNft.getCharacteristics(0).isSatyavaakyah, false);
address _selectedRam = choosingRam.selectedRam();
assertEq(_selectedRam, 0x0000000000000000000000000000000000000000);
}
choosingRam.increaseValuesOfParticipants(3, 0);
if(random == 0){
assertEq(ramNft.getCharacteristics(3).isJitaKrodhah, true);
assertEq(ramNft.getCharacteristics(3).isDhyutimaan, true);
assertEq(ramNft.getCharacteristics(3).isVidvaan, false);
assertEq(ramNft.getCharacteristics(3).isAatmavan, false);
assertEq(ramNft.getCharacteristics(3).isSatyavaakyah, false);
address _selectedRam = choosingRam.selectedRam();
assertEq(_selectedRam, 0x0000000000000000000000000000000000000000);
} else {
assertEq(ramNft.getCharacteristics(0).isJitaKrodhah, true);
assertEq(ramNft.getCharacteristics(0).isDhyutimaan, true);
assertEq(ramNft.getCharacteristics(0).isVidvaan, false);
assertEq(ramNft.getCharacteristics(0).isAatmavan, false);
assertEq(ramNft.getCharacteristics(0).isSatyavaakyah, false);
address _selectedRam = choosingRam.selectedRam();
assertEq(_selectedRam, 0x0000000000000000000000000000000000000000);
}
choosingRam.increaseValuesOfParticipants(3, 0);
if(random == 0){
assertEq(ramNft.getCharacteristics(3).isJitaKrodhah, true);
assertEq(ramNft.getCharacteristics(3).isDhyutimaan, true);
assertEq(ramNft.getCharacteristics(3).isVidvaan, true);
assertEq(ramNft.getCharacteristics(3).isAatmavan, false);
assertEq(ramNft.getCharacteristics(3).isSatyavaakyah, false);
address _selectedRam = choosingRam.selectedRam();
assertEq(_selectedRam, 0x0000000000000000000000000000000000000000);
} else {
assertEq(ramNft.getCharacteristics(0).isJitaKrodhah, true);
assertEq(ramNft.getCharacteristics(0).isDhyutimaan, true);
assertEq(ramNft.getCharacteristics(0).isVidvaan, true);
assertEq(ramNft.getCharacteristics(0).isAatmavan, false);
assertEq(ramNft.getCharacteristics(0).isSatyavaakyah, false);
address _selectedRam = choosingRam.selectedRam();
assertEq(_selectedRam, 0x0000000000000000000000000000000000000000);
}
choosingRam.increaseValuesOfParticipants(3, 0);
if(random == 0){
assertEq(ramNft.getCharacteristics(3).isJitaKrodhah, true);
assertEq(ramNft.getCharacteristics(3).isDhyutimaan, true);
assertEq(ramNft.getCharacteristics(3).isVidvaan, true);
assertEq(ramNft.getCharacteristics(3).isAatmavan, true);
assertEq(ramNft.getCharacteristics(3).isSatyavaakyah, false);
address _selectedRam = choosingRam.selectedRam();
assertEq(_selectedRam, 0x0000000000000000000000000000000000000000);
} else {
assertEq(ramNft.getCharacteristics(0).isJitaKrodhah, true);
assertEq(ramNft.getCharacteristics(0).isDhyutimaan, true);
assertEq(ramNft.getCharacteristics(0).isVidvaan, true);
assertEq(ramNft.getCharacteristics(0).isAatmavan, true);
assertEq(ramNft.getCharacteristics(0).isSatyavaakyah, false);
address _selectedRam = choosingRam.selectedRam();
assertEq(_selectedRam, 0x0000000000000000000000000000000000000000);
}
choosingRam.increaseValuesOfParticipants(3, 0);
if(random == 0){
assertEq(ramNft.getCharacteristics(3).isJitaKrodhah, true);
assertEq(ramNft.getCharacteristics(3).isDhyutimaan, true);
assertEq(ramNft.getCharacteristics(3).isVidvaan, true);
assertEq(ramNft.getCharacteristics(3).isAatmavan, true);
assertEq(ramNft.getCharacteristics(3).isSatyavaakyah, true);
address _selectedRam = choosingRam.selectedRam();
assertEq(_selectedRam, ramNft.getCharacteristics(3).ram);
} else {
assertEq(ramNft.getCharacteristics(0).isJitaKrodhah, true);
assertEq(ramNft.getCharacteristics(0).isDhyutimaan, true);
assertEq(ramNft.getCharacteristics(0).isVidvaan, true);
assertEq(ramNft.getCharacteristics(0).isAatmavan, true);
assertEq(ramNft.getCharacteristics(0).isSatyavaakyah, true);
address _selectedRam = choosingRam.selectedRam();
assertEq(_selectedRam, ramNft.getCharacteristics(0).ram);
}
}
Impact
User may know in an anticipate way what will be the random value.
Tools Used
Manual review
Recommendations
Use Chainlink VRF instead
Updates
Lead Judging Commences
bube over 1 year ago
Submission Judgement Published Assigned finding tags:
Weak randomness in `ChoosingRam::increaseValuesOfParticipants`
Rewards breakdown
nSLOC
218This contest has a flat reward structure with the following payouts:
100 EXP
20 EXP
2 EXP
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.