Description
In MystryBox.sol#openBox, users can easily predict the generated random number due to the use of weak randomness sources. A predictable number is not secure for randomization, allowing malicious users to manipulate the outcome and determine the reward ahead of time.
The current randomness implementation uses block.timestamp and msg.sender, both of which are publicly accessible and predictable. This allows attackers to exploit the system by predicting the reward outcome and consistently obtaining better rewards.
Impact
The predictability of block.timestamp and msg.sender enables attackers to control the random value used to determine the rewards in openBox(). As a result, they can manipulate the system to increase their chances of obtaining rare rewards, such as Gold Coins, leading to a significant loss of fairness and trust in the protocol.
Proof of Concept
The attacker repeatedly calls openBox() in rapid succession, monitoring the generated block.timestamp to predict the random value.
The attacker checks if the random value corresponds to the desired reward (e.g., 99 for a Gold Coin).
By retrying and aligning their calls with favourable timestamps, the attacker consistently manipulates the randomness to secure better rewards.
Recommended Mitigation
To address this vulnerability, it is essential to replace the predictable randomness sources (block.timestamp and msg.sender) with a more secure and unpredictable mechanism. One effective solution is to use Chainlink VRF (Verifiable Random Function) or another decentralized randomness provider to ensure the randomness is truly unpredictable and resistant to manipulation.