TwentyOne

First Flight #29
Beginner FriendlyGameFiFoundrySolidity
100 EXP
View results
Submission Details
Severity: low
Invalid

Weak Randomness in `drawCard` Function

Summary

The drawCard function uses a weak pseudo-random number generator based on block.timestamp, msg.sender, and block.prevrandao.

Vulnerability Details

The random number generation relies on values that are predictable and manipulable, such as the block timestamp and block.prevrandao. These can be influenced by miners or players, making the randomness insufficient for secure gameplay.

Impact

The predictability of the random number generation allows attackers or miners to influence the card draws, undermining the fairness of the game.

Tools Used

Manual Code Review

Recommendations

Use a verifiable random function (VRF), such as Chainlink VRF, for secure and tamper-proof randomness to ensure fairness in card selection.

Updates

Lead Judging Commences

inallhonesty Lead Judge 11 months ago
Submission Judgement Published
Invalidated
Reason: Known issue
Assigned finding tags:

[INVALID] Known - Randomness

Randomness Manipulation: The randomness mechanism relies on block.timestamp, msg.sender, and block.prevrandao, which may be predictable in certain scenarios. Consider using Chainlink VRF or another oracle for more secure randomness.

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.