Eggstravaganza

First Flight #37
Beginner Friendly, Solidity
100 EXP
Submission Details
Severity: high
Valid

Predictable pseudo-randomness allows manipulation of egg finding

Vulnerability Details

The searchForEgg function uses a combination of block.timestamp, block.prevrandao, msg.sender, and eggCounter to generate a pseudo-random number for determining if an egg is found. Block variables like block.timestamp and block.prevrandao are predictable or can be manipulated by miners/validators.

    function searchForEgg() external {
        require(gameActive, "Game not active");
        require(block.timestamp >= startTime, "Game not started yet");
        require(block.timestamp <= endTime, "Game ended");
        //@audit-issue pseudo-randomness allows manipulation
        // Pseudo-random number generation (for demonstration purposes only)
        uint256 random = uint256(
            keccak256(abi.encodePacked(block.timestamp, block.prevrandao, msg.sender, eggCounter))
        ) % 100;
        // ... (rest of the function is not shown in this report)
    }

Impact

A malicious user can predict the outcome of the random number generation, allowing them to guarantee finding an egg on their attempts. A malicious block validator can prevent users from finding eggs by delaying a user's transaction whenever it would find an egg.

Recommendation

Utilize a secure and verifiable source of on-chain randomness, such as Chainlink VRF, instead of relying on block variables.
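
One way to apply this recommendation, as an added sketch (not the contest code and not Chainlink's own sample): the search becomes a request to Chainlink VRF v2.5, and the outcome is decided only in the coordinator's callback, so no caller or validator knows the random word when the search transaction is sent. Assumptions: the contract name, `eggFindThreshold`, `pendingSearch`, the `EggFound` event, the fixed game window and the request settings are illustrative; the key hash and subscription ID are deployment-specific.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;
import {VRFConsumerBaseV2Plus} from "@chainlink/contracts/src/v0.8/vrf/dev/VRFConsumerBaseV2Plus.sol";
import {VRFV2PlusClient} from "@chainlink/contracts/src/v0.8/vrf/dev/libraries/VRFV2PlusClient.sol";

// Added sketch, not the contest code: egg search split into a request and a VRF callback.
contract EggHuntVRFSketch is VRFConsumerBaseV2Plus {
    bytes32 public immutable keyHash;      // VRF gas lane, network-specific (assumed)
    uint256 public immutable subId;        // funded VRF subscription (assumed)
    uint256 public eggFindThreshold = 20;  // assumed success chance, in percent
    bool public gameActive = true;         // simplified: set once at deployment
    uint256 public startTime = block.timestamp;
    uint256 public endTime = block.timestamp + 1 days; // assumed game length
    uint256 public eggCounter;
    mapping(uint256 => address) public pendingSearch;  // requestId => player
    event EggFound(address indexed player, uint256 eggId);

    constructor(address coordinator, bytes32 _keyHash, uint256 _subId) VRFConsumerBaseV2Plus(coordinator) {
        keyHash = _keyHash;
        subId = _subId;
    }

    // Step 1: same guards as the original function, then ask the coordinator for randomness.
    function searchForEgg() external returns (uint256 requestId) {
        require(gameActive, "Game not active");
        require(block.timestamp >= startTime, "Game not started yet");
        require(block.timestamp <= endTime, "Game ended");
        requestId = s_vrfCoordinator.requestRandomWords(
            VRFV2PlusClient.RandomWordsRequest({
                keyHash: keyHash,
                subId: subId,
                requestConfirmations: 3,
                callbackGasLimit: 100_000,
                numWords: 1,
                extraArgs: VRFV2PlusClient._argsToBytes(VRFV2PlusClient.ExtraArgsV1({nativePayment: false}))
            })
        );
        pendingSearch[requestId] = msg.sender; // bind the request to the searching player
    }

    // Step 2: only the coordinator can reach this callback, with a proof-verified random word.
    function fulfillRandomWords(uint256 requestId, uint256[] calldata randomWords) internal override {
        address player = pendingSearch[requestId];
        delete pendingSearch[requestId];
        if (player != address(0) && randomWords[0] % 100 < eggFindThreshold) {
            eggCounter++;
            emit EggFound(player, eggCounter); // minting or rewards would go here
        }
    }
}
```

Because the result arrives in a later transaction, any state that depends on the outcome must be updated in the callback rather than in `searchForEgg` itself.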

Updates

Lead Judging Commences

m3dython Lead Judge 5 months ago
Submission Judgement Published
Validated
Assigned finding tags:

Insecure Randomness

Insecure methods to generate pseudo-random numbers
