Mystery Box
First Flight #25
Beginner FriendlyFoundry
100 EXP
View results
Previous Next
Submission Details
Severity: medium
Valid

Weak Cryptographic random number generator used to choose reward can be manipulated by validator nodes with control over block parameters.

poolig4n

Description

Weak cryptographic random number used to choose the reward can allow a malicious validator to ensure they win a high value reward.

Impact

Rewards can be manipulated by validators.

Proof of Concept

The following function can be used to generate a timestamp which corresponds to a desirable random number value which is used when choosing a reward. For example, the following timestamp corresponds to the number 98 when used in the random number generation, this results in a reward of 0.5 ether. This technique and the exact value is used in two submissions that demonstrate re-entracy attacks against MysteryBox::claimSingleReward and MysteryBox::claimAllRewards.

  • Reentrancy vulnerability in MysteryBox::claimSingleReward allows an attacker to steal funds.

  • Reentrancy vulnerability in MysteryBox::claimAllRewards allows an attacker to steal funds.

uint256 timestamp = 1785601;
function testRandom() public view {
uint256 ts = block.timestamp;
uint256 randomValue = uint256(keccak256(abi.encodePacked(ts, address(attacker)))) % 100;
for (uint256 index = 0; index < 100; index++) {
ts += ((60 * 60) * index);
randomValue = uint256(keccak256(abi.encodePacked(ts, address(attacker)))) % 100;
console2.log("%s randomValue is %s %s", index, randomValue, ts);
}
}

Recommended mitigation

Use a purpose built, trusted and well tested library for random number generation.

Updates

Appeal created

inallhonesty Lead Judge about 1 year ago
Submission Judgement Published
Validated
Assigned finding tags:

Weak Randomness

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.

Give us feedback!