Mystery Box

First Flight #25
Submission Details
Severity: medium
Valid

Predictable Randomness

Summary

The openBox function uses a predictable source of randomness, which can be exploited by attackers to manipulate the reward distribution.

Vulnerability Details

The contract uses block.timestamp and msg.sender to generate a random number:

uint256 randomValue = uint256(keccak256(abi.encodePacked(block.timestamp, msg.sender))) % 100;

This method is not truly random and can be predicted or manipulated by miners or users. Here's how bad actors could exploit this:

  1. Miner Manipulation:

    • Miners can influence or precisely control the block.timestamp.

    • They can also choose to include, exclude, or reorder transactions in a block.

    • A miner could run the openBox function offline with different timestamps, find a timestamp that produces a favorable outcome, and then set the block timestamp to this value when mining the block.

  2. User Prediction:

    • block.timestamp is predictable and increases monotonically. Users can estimate the next block's timestamp with reasonable accuracy.

    • msg.sender is known to the user calling the function.

    • A user could calculate the outcome of openBox for their address for the next few seconds and choose to submit their transaction at a moment that produces a favorable result.

  3. Smart Contract Exploitation:

    • An attacker could create a smart contract that calls openBox.

    • This contract could check the result of the random number generation and only proceed if it results in a high-value reward. If not, it could revert the transaction.

    • The attacker could keep calling this contract until they receive a favorable outcome.

Impact

High. These vulnerabilities allow attackers to significantly increase their chances of receiving high-value rewards.

Tools Used

Manual code review.

Recommendations

  • Use a verifiable random function (VRF) provided by oracles like Chainlink for secure randomness.

  • Implement a commit-reveal scheme:

    • Users submit a hash of their chosen number and a secret.

    • After a set period, users reveal their number and secret.

    • Combine the revealed number with a future block hash for randomness.
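The commit-reveal flow from the recommendation above, written out as an added illustration; it is not code from this submission or from the Mystery Box contract, and the contract name, constants and event names are assumptions. The user commits a hash first, and the roll is only computed after a block whose hash was unknown at commit time has been mined.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

// Hypothetical commit-reveal replacement for openBox (names are assumptions).
contract CommitRevealBox {
    struct Commit {
        bytes32 hash;       // keccak256(abi.encodePacked(number, secret, msg.sender))
        uint64 revealBlock; // block whose hash is mixed into the roll; unknown at commit time
    }

    uint256 public constant REVEAL_DELAY = 10;   // blocks between commit and earliest reveal
    uint256 public constant REVEAL_WINDOW = 200; // keep reveals inside the 256-block blockhash() range

    mapping(address => Commit) public commits;
    mapping(address => uint256) public lastRoll;

    event Committed(address indexed user, uint64 revealBlock);
    event Revealed(address indexed user, uint256 roll);

    // Step 1: submit only the hash; number and secret stay off-chain for now.
    function commit(bytes32 commitHash) external {
        Commit storage c = commits[msg.sender];
        // A stale commit whose reveal window has closed may be overwritten.
        require(c.hash == bytes32(0) || block.number > c.revealBlock + REVEAL_WINDOW, "pending commit");
        uint64 revealBlock = uint64(block.number + REVEAL_DELAY);
        commits[msg.sender] = Commit({hash: commitHash, revealBlock: revealBlock});
        emit Committed(msg.sender, revealBlock);
    }

    // Step 2: reveal after revealBlock has been mined; its hash is combined with the user's input.
    function reveal(uint256 number, bytes32 secret) external returns (uint256 roll) {
        Commit storage c = commits[msg.sender];
        require(c.hash != bytes32(0), "no commit");
        require(block.number > c.revealBlock, "too early");            // blockhash(current) is 0
        require(block.number <= c.revealBlock + REVEAL_WINDOW, "reveal window closed");
        require(keccak256(abi.encodePacked(number, secret, msg.sender)) == c.hash, "bad reveal");

        bytes32 futureHash = blockhash(c.revealBlock);
        require(futureHash != bytes32(0), "blockhash unavailable");   // defensive; window check covers it

        roll = uint256(keccak256(abi.encodePacked(number, secret, futureHash))) % 100;
        lastRoll[msg.sender] = roll;
        delete commits[msg.sender];
        emit Revealed(msg.sender, roll);
    }
}
```

The remaining weakness of this pattern is that a user who can compute an unfavourable roll after revealBlock is mined may simply never reveal, so a production version needs a deposit forfeited on non-reveal, or should use a VRF as the first recommendation suggests.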

Updates

Appeal created

inallhonesty Lead Judge about 1 year ago
Submission Judgement Published
Validated
Assigned finding tags:

Weak Randomness
