The searchForEgg function uses a predictable pseudo-random number generation mechanism that can be exploited by attackers to determine the outcome of egg searches in advance, giving them an unfair advantage over other players.
The current implementation uses block variables and user inputs to generate random numbers:
This is vulnerable because all inputs to the random number generation are available before the transaction is mined.
An attacker can:
Create a script to calculate the outcome of searchForEgg before submitting a transaction
Only submit transactions when they know they will find an egg
Front-run other players' transactions when favorable outcomes are detected
Avoid wasting gas on unsuccessful attempts
MEDIUM severity because it gives attackers a significant advantage in the game and wastes gas for honest players who can't predict outcomes.
Manual code review
Implement a more secure random number generation mechanism, for example Chainlink VRF (Verifiable Random Function).
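The following is an added illustration, not code from the audited project: a minimal contract that reproduces the weak pattern the finding describes (block variables plus the caller's address hashed into a roll, all of which are known before the transaction is mined) next to a version of searchForEgg that draws its randomness from Chainlink VRF v2. The contract names, the 10% egg chance, the outcome-resolution rule and the Chainlink import paths are assumptions; the real searchForEgg and its state are not on this page.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

// Added example, not the audited project's code. Names, the 10% egg chance and
// the @chainlink import paths are assumptions (paths differ between package versions).
import {VRFConsumerBaseV2} from "@chainlink/contracts/src/v0.8/vrf/VRFConsumerBaseV2.sol";
import {VRFCoordinatorV2Interface} from "@chainlink/contracts/src/v0.8/vrf/interfaces/VRFCoordinatorV2Interface.sol";

/// Weak pattern: every keccak256 input is public (or chosen by the caller)
/// before the transaction is included, so the roll can be computed off-chain
/// and the call submitted only when it is known to succeed.
contract PredictableEggHunt {
    mapping(address => uint256) public eggsFound;

    function searchForEgg() external {
        uint256 roll = uint256(
            keccak256(abi.encodePacked(block.timestamp, block.prevrandao, msg.sender))
        ) % 100;
        if (roll < 10) eggsFound[msg.sender]++;
    }
}

/// Hardened pattern: the search is committed first, and the outcome is only
/// decided later in the VRF callback from a value the player cannot predict.
contract VrfEggHunt is VRFConsumerBaseV2 {
    VRFCoordinatorV2Interface private immutable coordinator;
    bytes32 private immutable keyHash;
    uint64 private immutable subscriptionId;
    uint32 private constant CALLBACK_GAS_LIMIT = 100_000;
    uint16 private constant REQUEST_CONFIRMATIONS = 3;
    uint32 private constant NUM_WORDS = 1;

    mapping(uint256 => address) private searcherOf;   // requestId => player
    mapping(address => bool) public searchPending;     // one open search per player
    mapping(address => uint256) public eggsFound;

    event SearchRequested(address indexed player, uint256 requestId);
    event SearchResolved(address indexed player, bool foundEgg);

    constructor(address _coordinator, bytes32 _keyHash, uint64 _subId)
        VRFConsumerBaseV2(_coordinator)
    {
        coordinator = VRFCoordinatorV2Interface(_coordinator);
        keyHash = _keyHash;
        subscriptionId = _subId;
    }

    /// Step 1: commit to a search. Nothing about the result is decided here.
    function searchForEgg() external returns (uint256 requestId) {
        require(!searchPending[msg.sender], "search already pending");
        searchPending[msg.sender] = true;
        requestId = coordinator.requestRandomWords(
            keyHash, subscriptionId, REQUEST_CONFIRMATIONS, CALLBACK_GAS_LIMIT, NUM_WORDS
        );
        searcherOf[requestId] = msg.sender;
        emit SearchRequested(msg.sender, requestId);
    }

    /// Step 2: the coordinator delivers the random word; resolve the search.
    /// Deliberately never reverts, as a reverting callback would burn the request.
    function fulfillRandomWords(uint256 requestId, uint256[] memory randomWords) internal override {
        address player = searcherOf[requestId];
        if (player == address(0)) return; // unknown request: ignore
        delete searcherOf[requestId];
        searchPending[player] = false;
        bool found = randomWords[0] % 100 < 10;
        if (found) eggsFound[player]++;
        emit SearchResolved(player, found);
    }
}
```

The important structural change is the split into a request and a callback: a player pays for the search before any randomness exists, so there is nothing to simulate off-chain and no favorable outcome to front-run. The searchPending flag stops a player from opening many requests and reacting to the first one that resolves, and the callback avoids reverting so a request cannot be stranded.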
Insecure methods to generate pseudo-random numbers