The MysteryBox::openBox function uses block.timestamp (line 47) to generate a random number. Relying on block.timestamp for randomness is not secure, because the value can be influenced by miners. This leads to predictable and exploitable outcomes, undermining the integrity of the randomness.

An attacker with control over block mining can manipulate block.timestamp to influence the result of the randomvalue function. Additionally, an attacker could create a malicious contract that checks whether the current block's conditions produce a favorable outcome and, if so, triggers the vulnerable openBox function, ensuring a guaranteed win, since block timestamps remain static within the same transaction.
Below is the affected line of code.
To exploit this vulnerability, an attacker can:
1. Deploy a contract that monitors the block's timestamp or number.
2. If the block conditions are favorable, have the contract call MysteryBox::openBox within the same transaction.
3. The manipulated block timestamp then guarantees a win.
Manual Review
To ensure the randomness is truly unpredictable and cannot be influenced by external factors, consider the following mitigations:
- Use hardware-based RNGs: where feasible, leverage hardware random number generators to produce random values.
- Leverage decentralized randomness beacons: integrate secure randomness solutions like Chainlink’s Verifiable Random Function (VRF), which generates cryptographically secure randomness on-chain, preventing miners from influencing the result.
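As an added illustration (constructed for this finding, not the MysteryBox contract's own code), the snippet below places the timestamp-seeded pattern described above next to a request/callback design built on Chainlink VRF v2, the mitigation recommended here. The import paths, the `TimestampBox`/`VrfBox` names, and the key hash and subscription id are assumptions or placeholders.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

// Import paths follow the @chainlink/contracts package layout; adjust to the installed version.
import {VRFConsumerBaseV2} from "@chainlink/contracts/src/v0.8/vrf/VRFConsumerBaseV2.sol";
import {VRFCoordinatorV2Interface} from "@chainlink/contracts/src/v0.8/vrf/interfaces/VRFCoordinatorV2Interface.sol";

// Constructed illustration of the weak pattern: the seed is built only from values that
// the block producer and every caller can read (or steer) before the call is made.
contract TimestampBox {
    function openBox() external view returns (uint256) {
        return uint256(keccak256(abi.encodePacked(block.timestamp, msg.sender))) % 100;
    }
}

// Hardened pattern: the outcome is fixed by a VRF callback in a later transaction,
// so nothing observable at request time determines the result.
contract VrfBox is VRFConsumerBaseV2 {
    VRFCoordinatorV2Interface private immutable coordinator;
    bytes32 private immutable keyHash;        // placeholder: network-specific gas lane
    uint64 private immutable subscriptionId;  // placeholder: funded VRF subscription id
    uint16 private constant REQUEST_CONFIRMATIONS = 3;
    uint32 private constant CALLBACK_GAS_LIMIT = 100_000;

    mapping(uint256 => address) public requestOwner; // requestId -> opener
    mapping(address => uint256) public lastResult;   // opener -> result in 0..99

    constructor(address _coordinator, bytes32 _keyHash, uint64 _subId) VRFConsumerBaseV2(_coordinator) {
        coordinator = VRFCoordinatorV2Interface(_coordinator);
        keyHash = _keyHash;
        subscriptionId = _subId;
    }

    // Step 1: commit to a draw. No outcome exists in this transaction, so a caller
    // cannot inspect the result and revert when it is unfavorable.
    function openBox() external returns (uint256 requestId) {
        requestId = coordinator.requestRandomWords(
            keyHash, subscriptionId, REQUEST_CONFIRMATIONS, CALLBACK_GAS_LIMIT, 1
        );
        requestOwner[requestId] = msg.sender;
    }

    // Step 2: only the coordinator reaches this (VRFConsumerBaseV2 checks msg.sender),
    // delivering a random word whose VRF proof was verified on-chain.
    function fulfillRandomWords(uint256 requestId, uint256[] memory randomWords) internal override {
        lastResult[requestOwner[requestId]] = randomWords[0] % 100;
    }
}
```

The separation into a request transaction and a later fulfillment transaction is what removes the "check the outcome, then call" strategy: the result is not known in the block where openBox runs.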