The random number generation logic in trickOrTreat()
is susceptible to manipulation as it relies on block.timestamp
, msg.sender
, and block.prevrandao
, all of which can be controlled or influenced by miners or users.
Function: trickOrTreat()
Code Reference:
block.timestamp
and block.prevrandao
are manipulable by miners, and msg.sender
can be controlled by an attacker.
An attacker could influence the random number generation to always get a treat at half price or avoid paying double.
Manual Code Review
Use an external randomness oracle, such as Chainlink VRF, to generate secure and unpredictable random numbers:
It's written in the README: "We're aware of the pseudorandom nature of the current implementation. This will be replaced with Chainlink VRF in later builds." This is a known issue.
The contest is live. Earn rewards by submitting a finding.
This is your time to appeal against judgements on your submissions.
Appeals are being carefully reviewed by our judges.