Eggstravaganza

First Flight #37
Beginner Friendly, Solidity
100 EXP
Submission Details
Severity: high
Valid

Weak Randomness in `EggHuntGame::searchForEgg()`

Description:
The `searchForEgg()` function in the `EggHuntGame` contract uses `msg.sender`, `block.timestamp`, `block.prevrandao` and `eggCounter` to generate randomness for determining the outcome of an egg hunt. These values are predictable and can be manipulated by validators, leading to potential exploitation.

Impact:
High - Weak randomness can be exploited by malicious actors to predict or manipulate the outcome of the egg hunt, compromising the fairness and integrity of the game.

Proof of Concept:
Validators can know the outcome of the `searchForEgg()` function ahead of time, and can influence it by manipulating the block timestamp or `prevrandao` value. This predictability allows them to exploit the randomness mechanism to their advantage, undermining the fairness of the game.

```solidity
function searchForEgg(uint256 playerId) external returns (bool) {
    ...
    // Weak randomness: every input is known or influenceable before the call executes
    uint256 random = uint256(keccak256(abi.encodePacked(block.timestamp, block.prevrandao, msg.sender, eggCounter))) % 100;
    ...
}
```

Recommended Mitigation:
Replace the weak randomness with a secure source of randomness, such as Chainlink VRF. For example:

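```solidity
// Example using Chainlink VRF
// Schematic only: Chainlink VRF delivers its result in a later callback,
// not as a return value of the requesting call.
function searchForEgg(uint256 playerId) external returns (bool) {
    uint256 random = getSecureRandomNumber(playerId);
    return random % 2 == 0;
}

function getSecureRandomNumber(uint256 playerId) internal returns (uint256) {
    ...
}
```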
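
An audit-time check for the pattern this finding describes, as an added example that is not part of the original submission or the contest code base: it scans Solidity source for `keccak256` over block or caller values whose result is reduced with a modulo. The list of predictable inputs and the sample snippet are constructed for illustration; the check is a heuristic and does not cover contract state such as `eggCounter`.

```python
import re

# Inputs a caller or block proposer can read or influence before the call executes.
PREDICTABLE = ("block.timestamp", "block.prevrandao", "block.difficulty", "block.number",
               "blockhash", "block.coinbase", "msg.sender", "tx.origin")

# Constructed sample: the page's vulnerable line plus a benign keccak256 use.
SAMPLE = """\
function searchForEgg(uint256 playerId) external returns (bool) {
    uint256 random = uint256(keccak256(abi.encodePacked(
        block.timestamp, block.prevrandao, msg.sender, eggCounter))) % 100;
    bytes32 key = keccak256(abi.encodePacked(msg.sender, playerId)); // lookup key
}
"""

def _call_args(code, open_idx):
    """Return (text inside the parentheses opened at open_idx, index of the closing ')')."""
    depth = 0
    for i in range(open_idx, len(code)):
        if code[i] == "(":
            depth += 1
        elif code[i] == ")":
            depth -= 1
            if depth == 0:
                return code[open_idx + 1:i], i
    return code[open_idx + 1:], len(code)  # unbalanced source: take the rest

def find_weak_randomness(source):
    """Flag keccak256(...) over predictable inputs whose result is reduced with '%'."""
    code = re.sub(r"//[^\n]*", "", source)  # drop line comments, keep line numbering
    findings = []
    for m in re.finditer(r"\bkeccak256\s*\(", code):
        args, end = _call_args(code, m.end() - 1)
        used = [name for name in PREDICTABLE if name in args]
        # A modulo right after the call (past any closing cast parentheses) is the
        # usual sign that the hash is being used as a random draw.
        reduced = re.match(r"[\s)]*%", code[end + 1:]) is not None
        if used and reduced:
            findings.append({"line": code.count("\n", 0, m.start()) + 1, "inputs": used})
    return findings

if __name__ == "__main__":
    for f in find_weak_randomness(SAMPLE):
        print(f"line {f['line']}: hash of {', '.join(f['inputs'])} used as randomness")
```

The hash on line 4 of the sample is not reported because it is used as a lookup key rather than reduced to a range.
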
Updates

Lead Judging Commences

m3dython Lead Judge 8 months ago
Submission Judgement Published
Validated
Assigned finding tags:

Insecure Randomness

Insecure methods to generate pseudo-random numbers
