Eggstravaganza

First Flight #37
Tags: Beginner Friendly, Solidity
Submission Details
Severity: high
Valid

Weak Randomness in EggHuntGame.sol

Summary

The searchForEgg() function uses block.timestamp to generate randomness, as its own comment notes ("Pseudo-random number generation"). This is unsafe because block.timestamp can be predicted and manipulated by attackers. In addition, the setEggFindThreshold() function allows the owner to adjust the "egg-finding chance", which could also be exploited.

Vulnerability Details

Vulnerable Contract: EggHuntGame.sol

Vulnerable Function: searchForEgg() and setEggFindThreshold()

Because searchForEgg() derives its pseudo-random number from block.timestamp, the result is highly predictable, which allows an attacker to determine the outcome before submitting a transaction. Combined with setEggFindThreshold(), which lets the owner adjust the "egg-finding chance" (subject only to the check "Threshold must be <= 100"), attackers could deploy contracts that favour them after manipulating the randomness to land under the threshold.

Impact

  • Exploitation – Attackers will always win the game by exploiting the predictable randomness.

  • Owner Manipulation – The owner could manipulate the game by setting thresholds that favor specific individuals.

  • Economic impact – An attacker can predict the next winning random number and mint all eggs before others can participate.

Tools Used

  • Solidity

  • Manual Review

Recommendations

Getting Randomness Using Chainlink VRF

Instead of using block-related data such as block.timestamp to implement randomness in your contract, it is recommended you use Chainlink VRF. Chainlink VRF (Verifiable Random Function) is a fair and verifiable random number generator (RNG) that enables smart contracts to access random values without compromising security or usability.
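The following is an added example written for this report; it is not code from the Eggstravaganza repository. The first contract is an illustrative reconstruction of the block.timestamp pattern the finding describes (the real searchForEgg() body is not reproduced here). The second shows the recommended shape: the search is only *requested* on-chain, and the outcome is decided in the Chainlink VRF v2 callback, so no one can know the result before the random word is delivered. It also snapshots the threshold at request time, which closes the owner-manipulation point above. The coordinator address, key hash and subscription id are constructor parameters the deployer supplies; the import paths follow the @chainlink/contracts package layout for the v0.8 VRF v2 contracts and may differ across package versions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

// Import paths as laid out in the @chainlink/contracts package (v0.8, VRF v2);
// adjust to the installed package version.
import {VRFConsumerBaseV2} from "@chainlink/contracts/src/v0.8/vrf/VRFConsumerBaseV2.sol";
import {VRFCoordinatorV2Interface} from "@chainlink/contracts/src/v0.8/vrf/interfaces/VRFCoordinatorV2Interface.sol";

/// Illustrative "before" (reconstructed pattern, not the audited source):
/// the random value depends only on public block data and the caller, so the
/// outcome of a search is known before the transaction is even sent.
contract PredictableEggSearch {
    uint256 public eggFindThreshold = 20; // percent chance; "Threshold must be <= 100"

    function searchForEgg() external view returns (bool found) {
        // Pseudo-random number generation from block data: NOT safe.
        uint256 random = uint256(keccak256(abi.encodePacked(block.timestamp, msg.sender))) % 100;
        found = random < eggFindThreshold;
    }
}

/// Hardened version: two-step search backed by Chainlink VRF v2.
contract VrfEggSearch is VRFConsumerBaseV2 {
    VRFCoordinatorV2Interface private immutable coordinator;
    bytes32 private immutable keyHash;          // gas lane / key hash for the target network
    uint64 private immutable subscriptionId;    // funded VRF subscription owned by the deployer
    uint16 private constant REQUEST_CONFIRMATIONS = 3;
    uint32 private constant CALLBACK_GAS_LIMIT = 100_000;
    uint32 private constant NUM_WORDS = 1;

    address public owner;
    uint256 public eggFindThreshold = 20;

    // Pending searches: requestId -> player, and the threshold frozen at request time
    // so a later setEggFindThreshold() cannot change an in-flight search.
    mapping(uint256 => address) public requestToPlayer;
    mapping(uint256 => uint256) public requestThreshold;
    mapping(address => uint256) public eggsFound;

    event EggSearchRequested(uint256 indexed requestId, address indexed player);
    event EggSearchResolved(uint256 indexed requestId, address indexed player, bool found);

    constructor(address _coordinator, bytes32 _keyHash, uint64 _subscriptionId)
        VRFConsumerBaseV2(_coordinator)
    {
        coordinator = VRFCoordinatorV2Interface(_coordinator);
        keyHash = _keyHash;
        subscriptionId = _subscriptionId;
        owner = msg.sender;
    }

    function setEggFindThreshold(uint256 newThreshold) external {
        require(msg.sender == owner, "not owner");
        require(newThreshold <= 100, "Threshold must be <= 100");
        eggFindThreshold = newThreshold;
    }

    /// Step 1: the player commits to a search. Nothing about the outcome is
    /// decided here; the request id is returned so the front end can track it.
    function searchForEgg() external returns (uint256 requestId) {
        requestId = coordinator.requestRandomWords(
            keyHash, subscriptionId, REQUEST_CONFIRMATIONS, CALLBACK_GAS_LIMIT, NUM_WORDS
        );
        requestToPlayer[requestId] = msg.sender;
        requestThreshold[requestId] = eggFindThreshold;
        emit EggSearchRequested(requestId, msg.sender);
    }

    /// Step 2: the coordinator delivers the random word. VRFConsumerBaseV2's
    /// rawFulfillRandomWords() reverts unless msg.sender is the coordinator, so
    /// players cannot call this path themselves.
    function fulfillRandomWords(uint256 requestId, uint256[] memory randomWords) internal override {
        address player = requestToPlayer[requestId];
        require(player != address(0), "unknown request");
        uint256 threshold = requestThreshold[requestId];
        delete requestToPlayer[requestId];
        delete requestThreshold[requestId];

        bool found = (randomWords[0] % 100) < threshold;
        if (found) {
            eggsFound[player] += 1;
        }
        emit EggSearchResolved(requestId, player, found);
    }
}
```

The design point is that the random word only exists after the request block has been confirmed and the VRF proof verified on-chain, so neither the player nor a miner/validator can choose a favourable value, and freezing the threshold per request means the owner's setEggFindThreshold() cannot retroactively tilt a search that has already been committed to.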

Updates

Lead Judging Commences

m3dython Lead Judge 3 months ago
Submission Judgement Published
Validated
Assigned finding tags:

Insecure Randomness

Insecure methods to generate pseudo-random numbers
