EggHuntGame::searchForEgg() uses a weak source of randomness to determine successful egg finds. The pseudorandom number generation relies on predictable values, including block.timestamp, block.prevrandao, msg.sender, and eggCounter. Since all of these values are either public or can be reasonably predicted, malicious users can manipulate or predict when egg finds will be successful, undermining the fairness of the game.
An attacker creates a malicious smart contract that calculates the future random value from these predictable parameters and calls the searchForEgg() function only when it knows the transaction will result in successfully finding an egg, guaranteeing 100% success instead of the intended 20%.
This vulnerability breaks the core gameplay mechanics by eliminating the element of chance.
Attackers can mint NFTs at a much higher rate than honest players.
The intended probability (controlled by eggFindThreshold) becomes irrelevant.
Implement a verifiable random function (VRF) from a trusted oracle service such as Chainlink VRF, so that the outcome of a search is decided by a value that is not computable before the transaction is submitted.
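The following is an added illustration, not code from the audited EggHuntGame contract. The first contract reconstructs the weak pattern the finding describes (the exact expression in the original is an assumption); the second shows the recommended shape using Chainlink VRF v2, where searchForEgg() only records a request and the outcome is decided later in the coordinator's callback. Import paths, the eggFindThreshold value of 20, gas limits and event names are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

// Import paths assume the @chainlink/contracts package layout; adjust to the installed version.
import {VRFConsumerBaseV2} from "@chainlink/contracts/src/v0.8/vrf/VRFConsumerBaseV2.sol";
import {VRFCoordinatorV2Interface} from "@chainlink/contracts/src/v0.8/vrf/interfaces/VRFCoordinatorV2Interface.sol";

/// Weak pattern (reconstruction for illustration, not the audited contract's code).
/// Every input to the hash is readable on-chain before the call, so the result of the
/// modulo is known to the caller before the transaction is sent.
contract WeakEggHunt {
    uint256 public eggCounter;
    uint256 public eggFindThreshold = 20; // intended 20% chance (assumed value)

    event EggFound(address indexed player, uint256 eggId);

    function searchForEgg() external {
        uint256 roll = uint256(
            keccak256(abi.encodePacked(block.timestamp, block.prevrandao, msg.sender, eggCounter))
        ) % 100;
        if (roll < eggFindThreshold) {
            eggCounter++;
            emit EggFound(msg.sender, eggCounter);
        }
    }
}

/// Hardened pattern: the search transaction commits a request and stores who made it;
/// the success decision happens in fulfillRandomWords, called by the VRF coordinator with
/// a value that is produced off-chain and verified on-chain, so no caller can choose to
/// transact only when a win is guaranteed.
contract VrfEggHunt is VRFConsumerBaseV2 {
    VRFCoordinatorV2Interface private immutable i_coordinator;
    bytes32 private immutable i_keyHash;
    uint64 private immutable i_subscriptionId;
    uint32 private constant CALLBACK_GAS_LIMIT = 200_000; // assumed; size to the callback's work
    uint16 private constant REQUEST_CONFIRMATIONS = 3;

    uint256 public eggCounter;
    uint256 public eggFindThreshold = 20;

    // requestId -> player who opened the search; cleared when fulfilled
    mapping(uint256 requestId => address player) public pendingSearches;

    event SearchRequested(address indexed player, uint256 requestId);
    event EggFound(address indexed player, uint256 eggId);
    event EggNotFound(address indexed player);

    constructor(address coordinator, bytes32 keyHash, uint64 subscriptionId)
        VRFConsumerBaseV2(coordinator)
    {
        i_coordinator = VRFCoordinatorV2Interface(coordinator);
        i_keyHash = keyHash;
        i_subscriptionId = subscriptionId;
    }

    /// Phase 1: only a request is made here; nothing about the outcome is decided yet.
    function searchForEgg() external returns (uint256 requestId) {
        requestId = i_coordinator.requestRandomWords(
            i_keyHash, i_subscriptionId, REQUEST_CONFIRMATIONS, CALLBACK_GAS_LIMIT, 1
        );
        pendingSearches[requestId] = msg.sender;
        emit SearchRequested(msg.sender, requestId);
    }

    /// Phase 2: invoked by the coordinator. Avoid reverting here: a reverted callback is
    /// not retried by VRF v2, so an unknown request is ignored rather than rejected.
    function fulfillRandomWords(uint256 requestId, uint256[] memory randomWords) internal override {
        address player = pendingSearches[requestId];
        if (player == address(0)) {
            return;
        }
        delete pendingSearches[requestId];
        if (randomWords[0] % 100 < eggFindThreshold) {
            eggCounter++;
            emit EggFound(player, eggCounter);
        } else {
            emit EggNotFound(player);
        }
    }
}
```

The important property of the hardened version is the split into two transactions: the player's call cannot observe or influence randomWords, and the coordinator's proof is verified on-chain before fulfillRandomWords runs. The trade-off is that the search result is asynchronous, so the game's NFT minting has to happen in the callback (or be claimable afterwards) rather than in searchForEgg() itself.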
Insecure methods to generate pseudo-random numbers