The contract uses an insecure method to generate pseudo-random numbers in the searchForEgg() function, relying on publicly accessible and manipulable blockchain variables. This makes outcomes predictable and gives certain players an unfair advantage, compromising the integrity of the game.
The following code snippet demonstrates how the random number is generated:
The inputs to this hash-based approach are either publicly accessible (msg.sender, eggCounter) or can be manipulated by the block producer (block.timestamp). Although block.prevrandao (introduced in PoS Ethereum) is intended to provide entropy, it is still a predictable value within the context of the current block: it is known to the proposer before the block is built and to every transaction included in it.
These characteristics make it possible for malicious players or validators to simulate or manipulate outcomes in order to obtain favorable results in the game.
• Players may exploit the pseudo-randomness to consistently find eggs or mint rare NFTs.
• Validators can manipulate block.timestamp and predict block.prevrandao to rig outcomes.
• The overall fairness and trust in the game economy are compromised.
Depending on the in-game value of the rewards, this vulnerability could result in significant economic imbalance.
• Manual code review
Replace the current randomness mechanism with a secure and verifiable source such as Chainlink VRF, which provides:
• Cryptographically secure randomness
• Verifiability on-chain
• Protection from block producer manipulation
This will ensure fairness for all participants and preserve the integrity of the game logic.
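The insecure pattern described above beside the Chainlink VRF replacement recommended here, as an added example that is not the audited contract's code. The contract names, the 20% hit rate, the VRF v2 subscription parameters and the @chainlink/contracts 1.x import paths are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.18; // block.prevrandao needs 0.8.18+
// Import paths assume @chainlink/contracts 1.x; earlier releases keep these files one directory up.
import {VRFConsumerBaseV2} from "@chainlink/contracts/src/v0.8/vrf/VRFConsumerBaseV2.sol";
import {VRFCoordinatorV2Interface} from "@chainlink/contracts/src/v0.8/vrf/interfaces/VRFCoordinatorV2Interface.sol";

// BEFORE (pattern from the finding): every hash input is public or producer-controlled, so the
// result can be computed before the transaction is sent, which is exactly what the finding describes.
contract EggHuntInsecure {
    uint256 public eggCounter;
    function searchForEgg() external {
        uint256 roll = uint256(
            keccak256(abi.encodePacked(msg.sender, eggCounter, block.timestamp, block.prevrandao))
        ) % 100;
        if (roll < 20) {          // assumed 20% hit rate
            eggCounter++;         // mint egg NFT to msg.sender here
        }
    }
}

// AFTER: the roll is requested from the VRF coordinator and resolved in a later transaction, so
// neither the player nor the block producer can see or choose it when searchForEgg() runs.
contract EggHuntSecure is VRFConsumerBaseV2 {
    VRFCoordinatorV2Interface private immutable coordinator;
    bytes32 private immutable keyHash;       // network-specific gas lane
    uint64 private immutable subscriptionId; // funded VRF v2 subscription
    uint256 public eggCounter;
    mapping(uint256 => address) public requestToPlayer; // requestId => searcher
    mapping(address => bool) public pendingSearch;      // one open request per player
    constructor(address _coordinator, bytes32 _keyHash, uint64 _subId) VRFConsumerBaseV2(_coordinator) {
        coordinator = VRFCoordinatorV2Interface(_coordinator);
        keyHash = _keyHash;
        subscriptionId = _subId;
    }
    // Step 1: commit to a search; the outcome does not exist yet, so there is nothing to predict.
    function searchForEgg() external returns (uint256 requestId) {
        require(!pendingSearch[msg.sender], "search already pending");
        pendingSearch[msg.sender] = true;
        // args: keyHash, subId, minimumRequestConfirmations, callbackGasLimit, numWords
        requestId = coordinator.requestRandomWords(keyHash, subscriptionId, 3, 200_000, 1);
        requestToPlayer[requestId] = msg.sender;
    }
    // Step 2: the coordinator calls back with a random word whose VRF proof it has verified on-chain.
    function fulfillRandomWords(uint256 requestId, uint256[] memory randomWords) internal override {
        address player = requestToPlayer[requestId];
        pendingSearch[player] = false;
        if (randomWords[0] % 100 < 20) {
            eggCounter++;         // mint egg NFT to player here
        }
    }
}
```

Because the result only becomes known in the fulfillRandomWords callback, a player who dislikes the outcome cannot revert or skip the search after seeing it, which is the property the keccak256-based version lacks.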
Insecure methods to generate pseudo-random numbers