Eggstravaganza

First Flight #37
Submission Details
Severity: high
Valid

Weak Randomness Used in Game Logic

Summary

The EggHuntGame contract contains a critical vulnerability in its egg-finding logic due to the use of an insecure pseudo-random number generator (PRNG). This flaw allows players to predict or manipulate the outcome of the egg-finding mechanism, undermining the fairness of the game.

Vulnerability Details

Function Affected: searchForEgg()

Vulnerable Line: Line 65

    uint256 random = uint256(
        keccak256(abi.encodePacked(block.timestamp, block.prevrandao, msg.sender, eggCounter))
    ) % 100;

If a player monitors the current block data, they can time their calls to searchForEgg() so that they execute only when the calculated random number is likely to fall under eggFindThreshold, essentially guaranteeing free eggs.

Impact

Players can exploit the weak PRNG to gain an unfair advantage in the game by only calling searchForEgg() when they are likely to find an egg.

Game Integrity Loss:
This undermines the fairness of the game, impacting honest players and potentially devaluing the NFT collection due to oversupply or botting.

Monetary & Reputational Risk:
If the NFTs hold value, either directly or as part of a larger ecosystem, this bug could lead to financial loss and damage to the protocol’s credibility.

Tools Used

Slither – Detected the weak PRNG and flagged it as an issue.

Manual Code Review – Confirmed the vulnerability and verified the logic flow.

Recommendations

Replace the current PRNG logic with a secure randomness source:

Use Chainlink VRF

Commit-Reveal Scheme

Implement a two-step commit-reveal process where users commit to a seed and reveal it later. More complex, but viable for on-chain games.
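
A sketch of the two-step commit-reveal flow described above, added here as an illustration; it is not the EggHuntGame code or the contest's reference fix. Only eggFindThreshold and eggCounter come from the report; the contract name, commitSearch, revealSearch, REVEAL_DELAY and the threshold value are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Added illustration of a commit-reveal egg search; not the EggHuntGame code.
/// Only eggFindThreshold and eggCounter are names taken from the report.
contract CommitRevealEggSearch {
    struct Commitment {
        bytes32 hash;        // keccak256(abi.encodePacked(seed, player))
        uint256 blockNumber; // block in which the commitment was recorded
    }

    uint256 public constant REVEAL_DELAY = 2; // assumed delay, in blocks
    uint256 public eggFindThreshold = 20;     // constructed sample value
    uint256 public eggCounter;
    mapping(address => Commitment) public commitments;

    event EggFound(address indexed player, uint256 eggId);

    /// Step 1: commit to a secret seed. A new commit replaces an old one,
    /// so an expired commitment can never lock a player out.
    function commitSearch(bytes32 commitHash) external {
        require(commitHash != bytes32(0), "empty commitment");
        commitments[msg.sender] = Commitment(commitHash, block.number);
    }

    /// Step 2: reveal the seed after the target block has been mined.
    function revealSearch(bytes32 seed) external returns (bool found) {
        Commitment memory c = commitments[msg.sender];
        require(c.hash != bytes32(0), "no commitment");
        uint256 target = c.blockNumber + REVEAL_DELAY;
        // blockhash() is only defined for the 256 most recent blocks and
        // returns zero otherwise; a zero hash would make the result depend
        // on the player's seed alone, so stale reveals are rejected.
        require(block.number > target, "reveal too early");
        require(block.number - target <= 256, "commitment expired");
        require(keccak256(abi.encodePacked(seed, msg.sender)) == c.hash, "seed mismatch");
        delete commitments[msg.sender];

        // The seed was fixed before blockhash(target) existed, and the block
        // hash was fixed without knowledge of the seed.
        uint256 random = uint256(keccak256(abi.encodePacked(seed, blockhash(target)))) % 100;
        found = random < eggFindThreshold;
        if (found) {
            eggCounter++;
            emit EggFound(msg.sender, eggCounter); // NFT mint would go here
        }
    }
}
```

Block proposers keep some influence over the block hash in this design; the Chainlink VRF option listed above removes that dependency.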

Updates

Lead Judging Commences

m3dython Lead Judge 4 months ago
Submission Judgement Published
Validated
Assigned finding tags:

Insecure Randomness

Insecure methods to generate pseudo-random numbers
