MysteryBox::openBox allows anyone to manipulate reward
Hashing block.timestamp and msg.sender together leads to a predictable final number, making the random number generation vulnerable. This allows malicious users to manipulate or anticipate values to select specific rewards.
Using block.timestamp and msg.sender for randomness creates predictable outcomes. Attackers can exploit this by knowing the block timestamp or by manipulating their address to receive desirable rewards.
There are two primary attack vectors:
Validators can predict block.timestamp, enabling them to time their participation advantageously. More information can be found in the Solidity blog on prevrandao.
Users can manipulate the msg.sender to secure the "rarest" reward.
The following function illustrates the predictability by calculating a non-zero reward based on block.timestamp:
Using on-chain values as randomness seeds is a well-known attack vector in the blockchain space.
Any user can select rewards, including the "rarest" ones, undermining the randomness of the rewards system.
To enhance randomness, consider using an oracle solution such as Chainlink VRF for secure and unpredictable random number generation.
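A sketch of that mitigation next to the pattern the finding describes, as an added example that is not the MysteryBox source. The inline interface mirrors the Chainlink VRF v2 coordinator call; the contract name, the 0..99 reward scale, the confirmation count and the gas limit are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

// Added example. Interface mirrors Chainlink VRF v2's coordinator request call.
interface IVRFCoordinatorV2 {
    function requestRandomWords(
        bytes32 keyHash, uint64 subId, uint16 minimumRequestConfirmations,
        uint32 callbackGasLimit, uint32 numWords
    ) external returns (uint256 requestId);
}

contract MysteryBoxVRFSketch {
    IVRFCoordinatorV2 private immutable coordinator;
    bytes32 private immutable keyHash; // assumed: gas-lane key hash for the target network
    uint64 private immutable subId;    // assumed: funded VRF subscription id
    mapping(uint256 => address) private opener;  // requestId => account that opened the box
    mapping(address => uint256) public lastRoll; // assumed reward scale: 0..99

    error OnlyCoordinator();
    error UnknownRequest();

    constructor(address c, bytes32 k, uint64 s) {
        coordinator = IVRFCoordinatorV2(c);
        keyHash = k;
        subId = s;
    }

    // Pattern from the finding: both inputs are known to, or chosen by,
    // the caller before the transaction is mined, so the result is not random.
    function rollInsecure() external view returns (uint256) {
        return uint256(keccak256(abi.encodePacked(block.timestamp, msg.sender))) % 100;
    }

    // Hardened step 1: only record the request; no reward is decided in this
    // transaction. Ownership and payment checks of the real contract are omitted.
    function openBox() external returns (uint256 requestId) {
        requestId = coordinator.requestRandomWords(keyHash, subId, 3, 100_000, 1);
        opener[requestId] = msg.sender;
    }

    // Hardened step 2: the coordinator delivers the verified random word later.
    function rawFulfillRandomWords(uint256 requestId, uint256[] memory randomWords) external {
        if (msg.sender != address(coordinator)) revert OnlyCoordinator();
        address user = opener[requestId];
        if (user == address(0)) revert UnknownRequest();
        delete opener[requestId];
        lastRoll[user] = randomWords[0] % 100;
    }
}
```

Splitting the request and the fulfilment into separate transactions is what removes the caller's ability to know the outcome before committing to it.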