Eggstravaganza

First Flight #37
Beginner Friendly, Solidity
100 EXP

Submission Details
Severity: high
Valid

Weak Randomness in searchForEgg

Summary

  • The searchForEgg function in EggHuntGame.sol uses a pseudo-random number generator that relies on predictable blockchain variables, making it susceptible to manipulation by miners or attackers.

Vulnerability Details

  • The random number is generated using:

    uint256 random = uint256(
        keccak256(abi.encodePacked(block.timestamp, block.prevrandao, msg.sender, eggCounter))
    ) % 100;

  • block.timestamp, block.prevrandao, msg.sender, and eggCounter are all accessible or predictable to varying degrees:

    • Miners can influence block.timestamp within a small window.

    • block.prevrandao (introduced in Ethereum's PoS merge) provides some randomness but is still deterministic within a block.

    • msg.sender is controlled by the caller.

    • eggCounter is a predictable, incrementing value.

  • Because every input is known before the transaction is mined, an attacker could repeatedly call searchForEgg within the same block (where block.timestamp and block.prevrandao are constant) or manipulate transaction ordering to increase their chances of landing on a favorable value below eggFindThreshold.

Impact

  • Attackers can exploit this to unfairly increase their egg-finding success rate, undermining the game's fairness.

  • This could lead to a disproportionate number of NFTs being minted to malicious actors, reducing trust in the game.

Tools Used

  • Manual code review.

  • Knowledge of Solidity best practices and common vulnerabilities (e.g., OWASP Smart Contract Top 10).

Recommendations

  • Use a secure randomness source like Chainlink VRF (Verifiable Random Function) for production environments.

  • If Chainlink VRF is not feasible, combine on-chain data with an off-chain oracle or commit-reveal scheme to make randomness less predictable.

  • Add a comment clarifying that the current implementation is for demonstration only and should not be used in production without a secure randomness solution.
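One way to implement the commit-reveal recommendation above, written as an added example rather than code from the Eggstravaganza project. Names such as eggFindThreshold, eggCounter and the EggFound event are assumed for illustration; the point is that the player fixes their input (the secret) before the entropy block exists, so neither msg.sender nor the secret can be ground against a known block value.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Added example (not the project's code): commit-reveal egg search.
/// The player commits to a secret first; the randomness uses the hash of a
/// block that is produced only after the commitment is already on chain.
contract CommitRevealEggHunt {
    struct Commitment { bytes32 hash; uint256 blockNumber; }

    mapping(address => Commitment) private commitments;
    uint256 public eggCounter;                     // assumed, as in the original game
    uint256 public eggFindThreshold = 20;          // assumed threshold (out of 100)
    uint256 public constant REVEAL_WINDOW = 256;   // blockhash() only covers the last 256 blocks

    event EggFound(address indexed player, uint256 eggId);

    /// Step 1: commit keccak256(abi.encodePacked(msg.sender, secret)) before the entropy block exists.
    function commitSearch(bytes32 secretHash) external {
        require(commitments[msg.sender].hash == bytes32(0), "pending commitment");
        commitments[msg.sender] = Commitment(secretHash, block.number);
    }

    /// Step 2: reveal the secret once the block after the commit has been produced.
    function revealSearch(bytes32 secret) external {
        Commitment memory c = commitments[msg.sender];
        require(c.hash != bytes32(0), "no commitment");
        require(keccak256(abi.encodePacked(msg.sender, secret)) == c.hash, "bad reveal");

        uint256 entropyBlock = c.blockNumber + 1;
        require(block.number > entropyBlock, "too early");                    // hash not yet available
        require(block.number <= entropyBlock + REVEAL_WINDOW, "too late");    // blockhash would return 0
        delete commitments[msg.sender];

        bytes32 entropy = blockhash(entropyBlock);
        uint256 random = uint256(keccak256(abi.encodePacked(secret, entropy, eggCounter))) % 100;
        if (random < eggFindThreshold) {
            eggCounter++;
            emit EggFound(msg.sender, eggCounter);
            // the real game would mint the egg NFT to msg.sender here (assumed hook)
        }
    }

    /// Lets a player clear a commitment whose reveal window has expired.
    function cancelExpired() external {
        Commitment memory c = commitments[msg.sender];
        require(c.hash != bytes32(0) && block.number > c.blockNumber + 1 + REVEAL_WINDOW, "not expired");
        delete commitments[msg.sender];
    }
}
```

Two caveats remain: the block proposer can still choose to withhold a block to bias blockhash, and a player who computes an unfavorable outcome can simply skip the reveal, so committing must carry a cost (a fee or a limited number of searches) for the scheme to remove the grinding the finding describes.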

Updates

Lead Judging Commences

m3dython Lead Judge 3 months ago
Submission Judgement Published
Validated
Assigned finding tags:

Insecure Randomness

Insecure methods to generate pseudo-random numbers
