The openBox() function in the MysteryBox contract uses a weak source of randomness generated on-chain, which can be exploited by malicious users to predict the outcome of the random number generation. This weak randomization compromises the fairness of the reward system, as attackers can influence or predict the rewards they will receive.
The openBox() function generates a “random” number using the following logic:
uint256 randomValue = uint256(keccak256(abi.encodePacked(block.timestamp, msg.sender))) % 100;
This approach relies on two factors for randomness:
1. block.timestamp: A public value that can be predicted or manipulated by miners.
2. msg.sender: The address calling the function, which is fixed per account and fully known to the caller.
Since both values are either predictable or can be influenced, this creates a weak source of randomness. An attacker can exploit this by monitoring the block.timestamp and repeatedly calling the function at opportune times, allowing them to control or predict the outcome of the reward. This would enable them to repeatedly claim higher-value rewards, such as the “Gold Coin” or “Silver Coin.”
• Exploitability: A malicious actor can predict or manipulate the outcome of the random number generation, giving them an unfair advantage in obtaining higher-value rewards.
• Fairness: The randomness used for determining rewards is compromised, leading to an unfair system where certain users can claim better rewards repeatedly.
• Economic Loss: The contract's economic model can be affected if rare rewards are distributed unintentionally, leading to potential financial losses for the contract owner and an imbalance in the reward system.
1. Use of Chainlink VRF:
Replace the current on-chain randomness mechanism with Chainlink’s Verifiable Random Function (VRF). Chainlink VRF provides a secure source of randomness that is cryptographically verifiable, making it difficult for attackers to predict or manipulate the random number.
2. Off-chain Randomness:
Another option is to use off-chain randomness, which is more secure and less predictable than on-chain randomness. This could involve an Oracle or other trusted off-chain service providing the random value.
3. Randomness Based on Future Block Hash:
Instead of block.timestamp, consider using a future block hash to generate randomness. This makes it harder for attackers to predict the random number since block hashes are not known in advance.
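The following is an added example, not code from the audited MysteryBox contract, showing recommendations 1 and 3 side by side: an openBox() that requests its roll from Chainlink VRF v2, and a commit-then-settle variant that derives the roll from a block hash that did not exist when the box was opened. The reward tiers and odds, the Chainlink import paths, the request parameters and the settle delay are assumptions; the finding only names the "Gold Coin" and "Silver Coin" rewards.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

// Added example: two hardened openBox() designs, not the audited MysteryBox contract.
// Import paths follow the @chainlink/contracts package layout (assumption).
import {VRFConsumerBaseV2} from "@chainlink/contracts/src/v0.8/vrf/VRFConsumerBaseV2.sol";
import {VRFCoordinatorV2Interface} from "@chainlink/contracts/src/v0.8/vrf/interfaces/VRFCoordinatorV2Interface.sol";

// Reward tiers and odds are assumed; the finding only names "Gold Coin" and "Silver Coin".
enum Reward { Coal, BronzeCoin, SilverCoin, GoldCoin }

function rewardFromRoll(uint256 roll) pure returns (Reward) {
    if (roll < 75) return Reward.Coal;
    if (roll < 95) return Reward.BronzeCoin;
    if (roll < 99) return Reward.SilverCoin;
    return Reward.GoldCoin;
}

// Option 1: Chainlink VRF. The random word is produced off-chain with a proof that the
// coordinator verifies before calling back, so neither the opener nor a block proposer
// can choose the timestamp or block that decides the reward.
contract MysteryBoxVRF is VRFConsumerBaseV2 {
    VRFCoordinatorV2Interface private immutable coordinator;
    bytes32 private immutable keyHash;
    uint64 private immutable subscriptionId;
    uint16 private constant REQUEST_CONFIRMATIONS = 3;   // assumed
    uint32 private constant CALLBACK_GAS_LIMIT = 100_000; // assumed

    mapping(uint256 => address) private openerOf; // VRF requestId -> user
    mapping(address => Reward[]) public rewardsOf;

    event BoxRequested(address indexed opener, uint256 requestId);
    event BoxOpened(address indexed opener, Reward reward);

    constructor(address vrfCoordinator, bytes32 _keyHash, uint64 subId)
        VRFConsumerBaseV2(vrfCoordinator)
    {
        coordinator = VRFCoordinatorV2Interface(vrfCoordinator);
        keyHash = _keyHash;
        subscriptionId = subId;
    }

    // Step 1: request. No randomness is consumed here, so there is nothing to time or predict.
    function openBox() external returns (uint256 requestId) {
        requestId = coordinator.requestRandomWords(
            keyHash, subscriptionId, REQUEST_CONFIRMATIONS, CALLBACK_GAS_LIMIT, 1
        );
        openerOf[requestId] = msg.sender;
        emit BoxRequested(msg.sender, requestId);
    }

    // Step 2: fulfilment. VRFConsumerBaseV2.rawFulfillRandomWords restricts the caller to the coordinator.
    function fulfillRandomWords(uint256 requestId, uint256[] memory randomWords) internal override {
        address opener = openerOf[requestId];
        require(opener != address(0), "unknown request");
        delete openerOf[requestId];
        Reward reward = rewardFromRoll(randomWords[0] % 100);
        rewardsOf[opener].push(reward);
        emit BoxOpened(opener, reward);
    }
}

// Option 3: commit now, settle from a block hash that did not exist at commit time.
// Weaker than VRF (a block proposer can still withhold a block whose hash it dislikes),
// but it removes the caller's ability to pick the inputs to the hash.
contract MysteryBoxFutureBlock {
    uint256 private constant SETTLE_DELAY = 5; // blocks to wait (assumed value)

    mapping(address => uint256) public settleBlock; // user -> block whose hash decides the roll
    mapping(address => Reward[]) public rewardsOf;

    function openBox() external {
        require(settleBlock[msg.sender] == 0, "box pending");
        settleBlock[msg.sender] = block.number + SETTLE_DELAY;
    }

    // Anyone may settle, so an opener who sees an unlucky hash cannot abstain and retry.
    function settle(address opener) external returns (Reward reward) {
        uint256 target = settleBlock[opener];
        require(target != 0 && block.number > target, "not ready");
        delete settleBlock[opener];
        uint256 roll;
        if (block.number - target > 256) {
            // blockhash() only covers the 256 most recent blocks and returns 0 beyond that;
            // a stale commitment pays the lowest tier rather than rolling on a known constant.
            roll = 0;
        } else {
            roll = uint256(keccak256(abi.encodePacked(blockhash(target), opener))) % 100;
        }
        reward = rewardFromRoll(roll);
        rewardsOf[opener].push(reward);
    }
}
```

The VRF contract needs a funded subscription with this contract registered as a consumer before openBox() will succeed, and the reward is only known once the coordinator's callback lands, so the front end must wait for the BoxOpened event instead of reading a return value. The block-hash variant settles in a separate transaction for the same reason: the roll must be fixed by a hash the opener could not have seen when they committed.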