Beginner FriendlyFoundryNFT
100 EXP
View results
Submission Details
Severity: high
Valid

WeakRandomness in `ChoosingRam::increaseValuesOfParticipants`

WeakRandomness in ChoosingRam::increaseValuesOfParticipants

Description:

The increaseValuesOfParticipants function in the ChoosingRam contract uses a weak randomness mechanism that relies on block.timestamp, block.prevrandao, and msg.sender to determine the random outcome. This method of generating randomness is susceptible to manipulation by miners and other participants, compromising the fairness and security of the selection process.

Proof of Concept:

https://prnt.sc/MwYhJ-eV-9t2

Recommended Mitigation:

  • Use chainlink VRF:https://docs.chain.link/vrf

Updates

Lead Judging Commences

bube Lead Judge about 1 year ago
Submission Judgement Published
Invalidated
Reason: Too generic
Assigned finding tags:

Weak randomness in `ChoosingRam::increaseValuesOfParticipants`

nem0x001 Submitter
about 1 year ago
bube Lead Judge
about 1 year ago
bube Lead Judge about 1 year ago
Submission Judgement Published
Validated
Assigned finding tags:

Weak randomness in `ChoosingRam::increaseValuesOfParticipants`

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.