Mystery Box
First Flight #25
Beginner FriendlyFoundry
100 EXP
View results
Previous Next
Submission Details
Severity: medium
Valid

Use of block.timestamp and addresses as source of randomness

Oxchryston

Summary

The use of block.timestamp and address of msg.sender as source randomnessis susceptible to manipulation.

Vulnerability Details

The function oenBox, uses the block.timestamp and the address of message.sender as means for calculating the reward that users will gain from opening a box. The issue here is that block.timestamp and address of message sender are insecuresources of randomness. A miner could slightly adjust the block timestamp to shift the outcome of the random number in their favor. For example, by delaying or advancing the timestamp by a few seconds, they could move the value of randomValue into a range that grants a more valuable reward (e.g., the Gold Coin). An attacker can repeatedly call theopenBox function with various addresses until they get a favorable outcome. Since the random number depends on both block.timestamp and msg.sender, which they can influence or predict, they can manipulate the result.

function openBox() public {
require(boxesOwned[msg.sender] > 0, "No boxes to open");
// Generate a random number between 0 and 99
uint256 randomValue = uint256(keccak256(abi.encodePacked(block.timestamp, msg.sender))) % 100;
// Determine the reward based on probability

https://github.com/Cyfrin/2024-09-mystery-box/blob/281a3e35761a171ba134e574473565a1afb56b68/src/MysteryBox.sol#L43

Impact

Results can be manipulated by miners or other malicious users.

Tools Used

Manual Review

Recommendations

Use Chainlink VRF or a commit-reveal scheme for secure randomness

Updates

Appeal created

inallhonesty Lead Judge about 1 year ago
Submission Judgement Published
Validated
Assigned finding tags:

Weak Randomness

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.

Give us feedback!