Weak randomness in `ChoosingRam:increaseValueOfParticipants` allows user to influence who can become Ram
Description: Description: The selectRamIfNotSelected relies on a pseudo-random number generation using block.timestamp and block.prevrandao to select a participant as "Ram". These poor randomness can lead to the values being influenced by a Malicious user, allowing them withdraw the funds as a reward.
Impact: An Malicious user can influence the random number, allowing them to ensure a specific participant is always selected as "Ram". This is a braking functionality that
Proof of Concept: Validators can know ahead of time the block.timestamp and block.prevrandao and use that knowledge to predict when and how to participate. By controlling these variables, they can influence the outcome of the random number generation. This is a topic that is talk about often so here is an article written by Rareskills
Recommended Mitigation: To mitigate this vulnerability, use a secure source of randomness such as Chainlink VRF, which provides tamper-proof randomness. This ensures that the random number used in the selection process is unpredictable and cannot be manipulated by attackers.
Rewards breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.