Mystery Box

First Flight #25

Beginner FriendlyFoundry

100 EXP

View results

Previous Next

Submission Details

Severity: medium

Valid

Function MysteryBox::openBox uses unsafe ramdomness

al88nsk

Summary

It is possible to predict when the box will we with a gold coin due to bad randomness used in the MysteryBox::openBox function.

Vulnerability Details

There is no way to generate a random value on-chain in EVM. The function MysteryBox::openBox uses the expression below to generate a "random" value:

uint256 randomValue = uint256(keccak256(abi.encodePacked(block.timestamp, msg.sender))) % 100;

There are some problems with this code:

Validators can manipulate block.timestamp value in some degree, so a validator can affect the random value generation
Users can calculate the same value in their transaction and based on the calculated value decide to open a box or not

Impact

Type of the opened box can be manipulated by validators, or users can just revert the transaction if the resulting box does not satisfy them.

Tools Used

Manual review

Recommendations

Do not rely on any on-chain value to generate a random values. Consider to use Chainlink VRF for that purpose.

Updates

Appeal created

inallhonesty Lead Judge about 1 year ago

Submission Judgement Published

Validated

Assigned finding tags:

Weak Randomness

Rewards breakdown

nSLOC

This contest has a flat reward structure with the following payouts:

High

100 EXP

Medium

20 EXP

Low

2 EXP

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.

Give us feedback!