TwentyOne

First Flight #29

Beginner FriendlyGameFiFoundrySolidity

100 EXP

View results

Previous Next

Submission Details

Severity: low

Invalid

Weak randomness in `TwentyOne::drawCard()` function can allow attacker to influence card drawn

yeahchibyke

Summary

The drawCard() function in the TwentyOne smart contract uses a weak pseudorandom number generator (PRNG) to select a card for the player. This randomness is derived from a combination of block.timestamp, msg.sender, and block.prevrandao. Due to the predictability and potential manipulability of these inputs, the randomness used to determine the card drawn can be predicted or influenced by an attacker, undermining the fairness of the game.

Vulnerability Details

The card drawn for a player is determined using the following line of code:

// Generate a random index

uint256 randomIndex = uint256(keccak256(abi.encodePacked(block.timestamp, msg.sender, block.prevrandao)))

% availableCards[player].length;

The randomness is generated from the concatenation of block.timestamp, msg.sender, and block.prevrandao.

block.timestamp can be slightly adjusted by miners within a certain range, introducing predictability.
msg.sender is the player's address, which is always known and predictable.
block.prevrandao is a hash of the previous block’s random value, which while harder to influence, can still be manipulated by miners in certain circumstances.

This weak randomness makes it possible for an attacker to predict or influence the card drawn, especially by timing their transactions in specific ways or analyzing patterns in previous draws.

Impact

The impact of this vulnerability is moderate to high, depending on the attacker’s ability to control or predict the randomness. If an attacker can predict the card being drawn, they could adjust their strategy in ways that would lead to favorable outcomes.

For example, if a player can predict the card they will receive, they might decide to hit or stand with knowledge of the upcoming card, which could allow them to win unfairly.
Furthermore, an attacker could manipulate the randomness by interacting with the contract at precise times when they know the random values are more likely to produce favorable outcomes.

While this randomness affects only the individual card draw, in a game of chance, even minor manipulation can lead to significant advantage and degrade the fairness of the game.

Tools Used

Slither

Recommendations

Use Chainlink VRF to handle random number generation.

Updates

Lead Judging Commences

inallhonesty Lead Judge 6 months ago

Submission Judgement Published

Invalidated

Reason: Known issue

Assigned finding tags:

[INVALID] Known - Randomness

Randomness Manipulation: The randomness mechanism relies on block.timestamp, msg.sender, and block.prevrandao, which may be predictable in certain scenarios. Consider using Chainlink VRF or another oracle for more secure randomness.

Rewards breakdown

nSLOC

147

This contest has a flat reward structure with the following payouts:

High

100 EXP

Medium

20 EXP

Low

2 EXP

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.