Eggstravaganza
First Flight #37
Beginner FriendlySolidity
100 EXP
View results
Previous Next
Submission Details
Severity: high
Valid

Lack of Cost Enables Unlimited NFT Minting in searchForEgg()

rhaosec

Summary

An attackers can call the function unlimited time and can mint all the eggs in the thresholds range i.e 20 percent. Since there's no economic barrier or rate limit, this makes it possible to mint all the NFTs and exploit the egg vault or in-game rewards.

Vulnerability Details

Here you can see that the user have no limit to mint the eggs for a particular address so attacker can mint all the eggs which is unfair for others.

function searchForEgg() external {
require(gameActive, "Game not active"); // anyone can search for eggs without paying money to the vault
require(block.timestamp >= startTime, "Game not started yet");
require(block.timestamp <= endTime, "Game ended");
// Pseudo-random number generation (for demonstration purposes only)
uint256 random = uint256(
keccak256(abi.encodePacked(block.timestamp, block.prevrandao, msg.sender, eggCounter)) //@vulnerability #1 Weak PRNG
) % 100;
if (random < eggFindThreshold) {
eggCounter++;
eggsFound[msg.sender] += 1;
eggNFT.mintEgg(msg.sender, eggCounter);
emit EggFound(msg.sender, eggCounter, eggsFound[msg.sender]);
}
}

Impact

  • Attackers can mint unlimited eggs (NFTs) at zero cost.

  • Leaderboards and vault rewards can be manipulated.

  • Loss of trust in game mechanics.

  • Incentive system collapse due to unlimited minting.

Tools Used

Manual Review

Recommendations

Limit number of eggs per player or per block

Updates

Lead Judging Commences

m3dython Lead Judge 7 months ago
Submission Judgement Published
Validated
Assigned finding tags:

Insecure Randomness

Insecure methods to generate pseudo-random numbers

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.