Description
The contract `ChoosingRam` uses cryptographically weak random number generation to choose between a challenger and a participant in the `ChoosingRam::increaseValuesOfParticipants` function, and again in the `ChoosingRam::selectRamIfNotSelected` function to select Ram. This could allow a malicious validator to manipulate the outcome of these functions, potentially influencing the winner of the event.
ChoosingRam::increaseValuesOfParticipants
and / or,
ChoosingRam::selectRamIfNotSelected
Impact
The winner of the event could be manipulated by malicious validators leading to a higher chance of their desired player becoming Ram and winning the money.
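To put a number on this impact, the following added example (not part of the original finding or of the contract's code) models a 1-bit draw computed by hashing block-level values and reducing modulo 2, then measures how often the outcome can be steered when one hashed field has several admissible values. The field layout, the use of SHA-256 as a stand-in for keccak256, and all sample values are assumptions.

```python
import hashlib


def draw(timestamp: int, prevrandao: int, sender: bytes) -> int:
    """1-bit draw derived only from values visible when the block is built.

    Assumed layout: three fields concatenated and hashed, result taken mod 2.
    SHA-256 stands in for keccak256 so the model runs with the standard library.
    """
    data = timestamp.to_bytes(32, "big") + prevrandao.to_bytes(32, "big") + sender
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % 2


def favourable_rate(choices: int, trials: int = 2000, wanted: int = 1) -> float:
    """Fraction of trials in which at least one of `choices` admissible
    values for a single hashed field produces the wanted outcome.

    choices=1 models an honest draw; larger values model a party that may
    select among several valid inputs before the transaction is included.
    """
    sender = bytes(20)  # constructed 20-byte address
    hits = 0
    for t in range(trials):
        # Constructed per-trial block values (deterministic, offline).
        seed = hashlib.sha256(t.to_bytes(8, "big")).digest()
        prevrandao = int.from_bytes(seed, "big")
        base_ts = 1_700_000_000 + 12 * t
        if any(draw(base_ts + d, prevrandao, sender) == wanted
               for d in range(choices)):
            hits += 1
    return hits / trials


if __name__ == "__main__":
    for k in (1, 2, 4, 8):
        measured = favourable_rate(k)
        expected = 1 - 0.5 ** k  # chance that k independent bits are not all "wrong"
        print(f"admissible values={k}  measured={measured:.3f}  expected={expected:.3f}")
```

A fair draw should stay at 0.5 no matter how many inputs a single party may choose from; any design where the measured rate climbs with `choices` is biasable by whoever controls those inputs.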
Proof of Concept
ChoosingRam::increaseValuesOfParticipants
ChoosingRam::selectRamIfNotSelected
Recommended mitigation
Use a purpose-built, trusted and well-tested library for random number generation.
Tools Used
Manual Review
The organizer is trusted, but the function `ChoosingRam::selectRamIfNotSelected` uses a way to generate a random number that is not completely random.