Eggstravaganza

First Flight #37
Beginner Friendly
Solidity
100 EXP
Submission Details
Severity: high
Valid

Predictable Pseudorandom Number Generation

Summary

The current randomness mechanism in EggHuntGame is deterministic and vulnerable to manipulation.

Vulnerability Details
The searchForEgg() function uses predictable on-chain data for random number generation:

uint256 random = uint256(
    keccak256(abi.encodePacked(block.timestamp, block.prevrandao, msg.sender, eggCounter))
) % 100;

All of these values are deterministic and can be read or predicted by miners/validators. While block.prevrandao offers somewhat better randomness post-Merge than the older block.difficulty, it is still not truly random.

Impact

Miners or validators can potentially manipulate the random number generation to increase their chances of finding eggs, allowing them to unfairly mint more NFTs than regular players. This undermines the entire game mechanics and fairness.

Tools Used

Code review

Recommendations

Use a verifiable random function (VRF) from Chainlink or similar oracle service to provide secure randomness. Alternatively, implement a commit-reveal scheme where users commit to a value in one transaction and reveal in another, combining user input with block data for better randomness.
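As an added illustration of the commit-reveal alternative recommended above (this is example code written for this report, not part of the Eggstravaganza code base; the contract name, the commitSearch/revealSearch functions, the REVEAL_DELAY and REVEAL_WINDOW constants and the egg-find threshold are all assumed), the sketch below replaces the single searchForEgg() call with two transactions. The player first commits to a hash of a secret, and only after at least one further block has been produced reveals it; the outcome mixes the secret with a block hash that did not exist at commit time, so neither the player nor the proposer of the commit block controls both inputs.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Example commit-reveal egg hunt (added illustration, not the audited contract).
contract EggHuntCommitReveal {
    struct Commit {
        bytes32 hash;        // keccak256(secret, player) submitted in the commit tx
        uint256 blockNumber; // block in which the commit was mined
        bool revealed;
    }

    // Assumed parameters for this example.
    uint256 public constant REVEAL_DELAY = 1;    // reveal only after this many later blocks
    uint256 public constant REVEAL_WINDOW = 256; // blockhash() returns 0 beyond 256 blocks
    uint256 public constant EGG_FIND_THRESHOLD = 20; // 20% chance, mirrors a "random < threshold" check

    uint256 public eggCounter;
    mapping(address => Commit) public commits;

    event EggFound(address indexed player, uint256 eggId);
    event NoEgg(address indexed player);

    /// Step 1: commit to keccak256(abi.encodePacked(secret, msg.sender)).
    /// Binding msg.sender into the hash stops another account from replaying the commit.
    function commitSearch(bytes32 commitHash) external {
        Commit storage c = commits[msg.sender];
        bool expired = c.hash != bytes32(0) && block.number > c.blockNumber + REVEAL_WINDOW;
        require(c.hash == bytes32(0) || c.revealed || expired, "pending commit");
        commits[msg.sender] = Commit(commitHash, block.number, false);
    }

    /// Step 2: reveal the secret in a later block; the block hash used here
    /// could not have been known when the commit was made.
    function revealSearch(bytes32 secret) external {
        Commit storage c = commits[msg.sender];
        require(c.hash != bytes32(0) && !c.revealed, "no commit");
        require(block.number > c.blockNumber + REVEAL_DELAY, "too early");
        require(block.number <= c.blockNumber + REVEAL_WINDOW, "commit expired");
        require(keccak256(abi.encodePacked(secret, msg.sender)) == c.hash, "bad secret");

        c.revealed = true;
        bytes32 futureHash = blockhash(c.blockNumber + REVEAL_DELAY);
        uint256 random = uint256(
            keccak256(abi.encodePacked(secret, futureHash, msg.sender))
        ) % 100;

        if (random < EGG_FIND_THRESHOLD) {
            eggCounter++;
            emit EggFound(msg.sender, eggCounter);
        } else {
            emit NoEgg(msg.sender);
        }
    }
}
```

Two caveats a reviewer would raise against even this version: the player can see the block hash before revealing and simply never reveal an unfavourable outcome, so a production design should attach a stake to the commit that is forfeited on non-reveal; and blockhash() is only available for the most recent 256 blocks, which is why the reveal window is bounded and an expired commit must be replaceable rather than left stuck. A VRF oracle removes both concerns at the cost of an external dependency and a fee per request.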

Updates

Lead Judging Commences

m3dython Lead Judge 8 months ago
Submission Judgement Published
Validated
Assigned finding tags:

Insecure Randomness

Insecure methods to generate pseudo-random numbers
