This vulnerability allows an attacker to manipulate the outcome of a transaction or gain an unfair advantage over other users because block.prevrandao is not random on zkSync Era and Arbitrum. It returns a constant value of 2500000000000000 on zkSync Era and a constant value of 1 on Arbitrum.
A player can deploy a smart contract that exploits this to manipulate the outcome of a transaction or gain an unfair advantage over other users, particularly through the functions ChoosingRam.increaseValuesOfParticipants and ChoosingRam.selectRamIfNotSelected. On zkSync Era, block.prevrandao returns a constant value of 2500000000000000, and on Arbitrum, it returns a constant value of 1.
An attacker can always win when calling increaseValuesOfParticipants to be selected as Ram, and also front-run the organizer when calling selectRamIfNotSelected to be selected as Ram.
Manual review.
Use Chainlink or another oracle as the source of randomness. Chainlink VRF (Verifiable Random Function) is a provably fair and verifiable random number generator (RNG) that enables smart contracts to access random values without compromising security or usability.
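One way to apply this recommendation, as an added example that is not code from the audited project: selection is split into a request and a coordinator-only callback, so no value known at call time decides the result. The interface matches Chainlink VRF v2's coordinator request function and its rawFulfillRandomWords callback; the contract name, state variables, and the confirmation count and gas limit are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;
// Added example. Only the two VRF v2 function signatures are Chainlink's; all other names are hypothetical.
interface IVRFCoordinatorV2 {
    function requestRandomWords(
        bytes32 keyHash,
        uint64 subId,
        uint16 minimumRequestConfirmations,
        uint32 callbackGasLimit,
        uint32 numWords
    ) external returns (uint256 requestId);
}

contract RamSelectorExample {
    IVRFCoordinatorV2 public immutable coordinator;
    bytes32 public immutable keyHash;          // gas lane, chosen per network at deployment
    uint64 public immutable subId;             // funded VRF subscription
    address public immutable organizer;
    uint256 public immutable participantCount; // assumed fixed before selection starts
    uint256 public requestId;
    bool public requested;
    bool public isSelected;
    uint256 public selectedIndex;

    constructor(address coordinator_, bytes32 keyHash_, uint64 subId_, uint256 count_) {
        require(count_ > 0, "no participants");
        coordinator = IVRFCoordinatorV2(coordinator_);
        keyHash = keyHash_;
        subId = subId_;
        participantCount = count_;
        organizer = msg.sender;
    }

    // Step 1: request randomness. Nothing is decided in this transaction.
    function requestSelection() external {
        require(msg.sender == organizer, "not organizer");
        require(!requested, "already requested");
        requested = true; // set before the external call
        requestId = coordinator.requestRandomWords(keyHash, subId, 3, 100_000, 1);
    }

    // Step 2: callback entry point. Accept it only from the coordinator, once, for our request.
    function rawFulfillRandomWords(uint256 id, uint256[] memory words) external {
        require(msg.sender == address(coordinator), "only coordinator");
        require(requested && !isSelected && id == requestId, "unexpected request");
        selectedIndex = words[0] % participantCount;
        isSelected = true;
    }
}
```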