ChoosingRam::increaseValuesOfParticipants
Description:
The increaseValuesOfParticipants function in the ChoosingRam contract uses a weak randomness mechanism that relies on block.timestamp, block.prevrandao, and msg.sender to determine the random outcome. This method of generating randomness is susceptible to manipulation by miners and other participants, compromising the fairness and security of the selection process.
Proof of Concept:
https://prnt.sc/MwYhJ-eV-9t2
Recommended Mitigation:
Use Chainlink VRF: https://docs.chain.link/vrf
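The weak pattern described above next to a request/callback flow modelled on the Chainlink VRF v2 coordinator interface. This is an added sketch, not the ChoosingRam contract's code. The contract and function names, the two-way outcome, the confirmation count and the gas limit are assumptions, and a production consumer would inherit Chainlink's own consumer base contract instead of declaring the interface inline.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Coordinator entry point of Chainlink VRF v2, declared inline so this compiles alone.
interface IVRFCoordinatorV2 {
    function requestRandomWords(
        bytes32 keyHash, uint64 subId, uint16 minimumRequestConfirmations,
        uint32 callbackGasLimit, uint32 numWords
    ) external returns (uint256 requestId);
}

// Hypothetical contract for illustration; not the audited ChoosingRam code.
contract SelectionSketch {
    IVRFCoordinatorV2 private immutable coordinator;
    bytes32 private immutable keyHash; // placeholder: per-network value from the VRF docs
    uint64 private immutable subId;    // placeholder: funded VRF subscription id
    mapping(uint256 => address) public requester; // requestId => original caller
    mapping(address => uint256) public outcome;   // 0 = not drawn yet, otherwise 1 or 2

    constructor(address _coordinator, bytes32 _keyHash, uint64 _subId) {
        coordinator = IVRFCoordinatorV2(_coordinator);
        keyHash = _keyHash;
        subId = _subId;
    }

    // Weak pattern from the finding: the result is fully determined by values that
    // are already fixed and readable when the call executes.
    function weakRandom() external view returns (uint256) {
        return uint256(keccak256(abi.encodePacked(
            block.timestamp, block.prevrandao, msg.sender))) % 2;
    }

    // Step 1: record the request only. No outcome exists in this transaction.
    function requestSelection() external returns (uint256 requestId) {
        requestId = coordinator.requestRandomWords(keyHash, subId, 3, 100_000, 1);
        requester[requestId] = msg.sender;
    }

    // Step 2: the coordinator delivers the verified random word in a later transaction.
    // Rejecting every other sender keeps callers from supplying their own value.
    function rawFulfillRandomWords(uint256 requestId, uint256[] memory randomWords) external {
        require(msg.sender == address(coordinator), "only coordinator");
        address who = requester[requestId];
        require(who != address(0), "unknown request");
        delete requester[requestId]; // each request is fulfilled at most once
        outcome[who] = (randomWords[0] % 2) + 1;
    }
}
```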