Mystery Box

First Flight #25
Severity: medium
Valid

[H-04] Weak randomness in MysteryBox::openBox allows players to influence or game the system to guarantee rare rewards

Summary

The randomness seed is generated by hashing msg.sender and block.timestamp. Both of these parameters are deterministic and can therefore be predicted, so the box can be opened at an optimal time to gain a valuable reward.

Vulnerability Details

Overview:
Using on-chain values as a randomness seed is a well-documented attack vector in the blockchain space.

Proof of Code:

  1. Validators can know block.timestamp ahead of time and can use this information to decide when to open their mystery box to gain the best possible reward.

  2. Players can mine/manipulate their msg.sender value to ensure that they will roll the correct value to earn a rare reward.

  3. Users can revert their MysteryBox::openBox transaction if they don't like the result of the reward the mystery box revealed.

Impact

Any player can predict when they should open their mystery box to guarantee a rare and valuable reward. Players will be able to turn 0.1 eth into a 0.5 or 1 eth reward consistently. Therefore, the protocol will be guaranteed to lose money, as the desired functionality of players spending 0.1 ether and earning no reward 75% of the time is invalidated.

Tools Used

Manual review & Slither

Recommended Mitigation

Consider using a cryptographically provable random number generator such as Chainlink VRF.
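A sketch of that mitigation as a two-step request/fulfill flow on Chainlink VRF v2, added here as an example and not the contest's MysteryBox code. The contract name, storage layout, `buyBox`, confirmation count and callback gas limit are assumptions; the reward tiers are not on this page, so the roll is stored for the contract's existing reward logic to consume.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;
// Import paths follow the Chainlink VRF v2 package layout and vary by package version.
import {VRFCoordinatorV2Interface} from "@chainlink/contracts/src/v0.8/interfaces/VRFCoordinatorV2Interface.sol";
import {VRFConsumerBaseV2} from "@chainlink/contracts/src/v0.8/VRFConsumerBaseV2.sol";

/// Hypothetical sketch, not the contest's MysteryBox contract.
contract MysteryBoxVRF is VRFConsumerBaseV2 {
    VRFCoordinatorV2Interface private immutable i_coordinator;
    bytes32 private immutable i_keyHash; // gas lane, network-specific
    uint64 private immutable i_subId;    // funded VRF subscription

    mapping(address => uint256) public boxesOwned;      // assumed bookkeeping
    mapping(uint256 => address) private s_requestOwner; // requestId => player
    mapping(address => uint256[]) public pendingRolls;  // rolls awaiting claim

    event BoxOpenRequested(address indexed player, uint256 requestId);
    event BoxOpened(address indexed player, uint256 roll);

    constructor(address coordinator, bytes32 keyHash, uint64 subId) VRFConsumerBaseV2(coordinator) {
        i_coordinator = VRFCoordinatorV2Interface(coordinator);
        i_keyHash = keyHash;
        i_subId = subId;
    }

    /// Box price of 0.1 ether is taken from the Impact section above.
    function buyBox() external payable {
        require(msg.value == 0.1 ether, "Incorrect ETH sent");
        boxesOwned[msg.sender] += 1;
    }

    /// Step 1: the player commits. The box is consumed here, before any
    /// randomness exists, so reverting cannot be used to re-roll.
    function openBox() external returns (uint256 requestId) {
        require(boxesOwned[msg.sender] > 0, "No boxes to open");
        boxesOwned[msg.sender] -= 1;
        // Arguments: keyHash, subId, confirmations, callback gas limit, word count.
        requestId = i_coordinator.requestRandomWords(i_keyHash, i_subId, 3, 100_000, 1);
        s_requestOwner[requestId] = msg.sender;
        emit BoxOpenRequested(msg.sender, requestId);
    }

    /// Step 2: reached only through the coordinator, in a later transaction.
    function fulfillRandomWords(uint256 requestId, uint256[] memory randomWords) internal override {
        address player = s_requestOwner[requestId];
        delete s_requestOwner[requestId];
        uint256 roll = randomWords[0] % 100; // 0..99, independent of msg.sender and block.timestamp
        pendingRolls[player].push(roll);
        emit BoxOpened(player, roll);
    }
}
```

Because the roll arrives in a separate transaction sent by the coordinator, none of the three avenues listed under Proof of Code (timestamp knowledge, sender selection, reverting on a bad result) gives the player control over the outcome.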

Updates

Appeal created

inallhonesty Lead Judge about 1 year ago
Submission Judgement Published
Validated
Assigned finding tags:

Weak Randomness
