Eggstravaganza

First Flight #37
Beginner Friendly · Solidity
100 EXP
Submission Details
Severity: high
Valid

Numbers generated are not really random.

Summary

The contract derives its pseudo-random number from on-chain data (block.timestamp, block.prevrandao, msg.sender, and eggCounter). All of these inputs are public or influenceable by miners or transaction senders, so the output is predictable before the transaction is mined. A malicious actor can therefore bias the outcome in their favour (e.g., obtain a "win" whenever the threshold check random < 20 is used).


Vulnerability Details

  • Insecure RNG: The random number is derived from public/controllable inputs:

    • block.timestamp and block.prevrandao can be influenced by miners.

    • msg.sender and eggCounter are low-entropy inputs (predictable/known).

  • Attack Scenarios:

    1. A miner submits a transaction with a timestamp/prevrandao that ensures random < 20.

    2. An attacker front-runs transactions, computes the random value in advance, and only proceeds when it’s favorable.

Example Exploit:
If threshold = 20, an attacker can:

  • Precompute the hash output using known inputs.

  • Submit transactions only when the result is 0–19 (e.g., random = 15).


Impact

  • Attackers can systematically exploit the RNG to:

    • Guarantee successful outcomes (e.g., mint rare NFTs, claim rewards unfairly).

    • Drain funds or disrupt protocol mechanics.

  • Loss of Trust: Users will lose confidence in the protocol’s fairness.


Tools Used

  • Manual Analysis: Identified reliance on manipulable on-chain data.


Recommendations

  1. Use Chainlink VRF, whose random words are delivered together with a proof that is verified on-chain, instead of deriving randomness from block data:

    // Example: Chainlink VRF. `vrfResult` is the random word the coordinator
    // delivers to fulfillRandomWords(), not a value derived from block data.
    uint256 random = vrfResult % 100;

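As an added illustration (not code from the Eggstravaganza contest or from the Chainlink library), the RNG pattern the finding describes placed beside a VRF-based replacement in which the outcome is decided only when the coordinator delivers a proof-verified word. The import paths, the request parameters (3 confirmations, 100k callback gas, 1 word) and all contract and variable names are assumptions.

```solidity
pragma solidity ^0.8.19;
// Assumed import paths for Chainlink's VRF v2 consumer base and coordinator
// interface; adjust to the installed @chainlink/contracts version.
import {VRFConsumerBaseV2} from "@chainlink/contracts/src/v0.8/vrf/VRFConsumerBaseV2.sol";
import {VRFCoordinatorV2Interface} from "@chainlink/contracts/src/v0.8/vrf/interfaces/VRFCoordinatorV2Interface.sol";

/// Pattern described in the finding: every input is public or validator-influenced,
/// so the result is known before the transaction is sent. Shown for contrast only.
contract InsecureEggRng {
    uint256 public eggCounter;
    uint256 public constant THRESHOLD = 20;
    function tryWin() external returns (bool) {
        eggCounter++;
        uint256 random = uint256(keccak256(abi.encodePacked(
            block.timestamp, block.prevrandao, msg.sender, eggCounter))) % 100;
        return random < THRESHOLD;
    }
}

/// Hardened form: the outcome is decided in a later transaction by a VRF-delivered
/// word, so neither the player nor the block proposer can choose it.
contract VrfEggRng is VRFConsumerBaseV2 {
    VRFCoordinatorV2Interface private immutable i_coordinator;
    bytes32 private immutable i_keyHash;
    uint64 private immutable i_subId;
    uint256 public constant THRESHOLD = 20;
    mapping(uint256 => address) public requestToPlayer; // requestId => player
    event Resolved(address indexed player, uint256 random, bool won);
    constructor(address coordinator, bytes32 keyHash, uint64 subId) VRFConsumerBaseV2(coordinator) {
        i_coordinator = VRFCoordinatorV2Interface(coordinator);
        i_keyHash = keyHash;
        i_subId = subId;
    }

    /// Step 1: the player commits; nothing about the outcome is knowable yet.
    function requestTry() external returns (uint256 requestId) {
        // 3 confirmations, 100k callback gas, 1 random word (assumed values)
        requestId = i_coordinator.requestRandomWords(i_keyHash, i_subId, 3, 100_000, 1);
        requestToPlayer[requestId] = msg.sender;
    }

    /// Step 2: only the coordinator reaches this (enforced by VRFConsumerBaseV2).
    function fulfillRandomWords(uint256 requestId, uint256[] memory randomWords) internal override {
        address player = requestToPlayer[requestId];
        require(player != address(0), "unknown request");
        delete requestToPlayer[requestId];
        uint256 random = randomWords[0] % 100;
        emit Resolved(player, random, random < THRESHOLD);
    }
}
```

The request/fulfil split is the essential property: at the moment the player acts, no on-chain or proposer-controlled value determines whether random will fall below 20.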
Updates

Lead Judging Commences

m3dython Lead Judge 4 months ago
Submission Judgement Published
Validated
Assigned finding tags:

Insecure Randomness

Insecure methods to generate pseudo-random numbers
