Eggstravaganza

First Flight #37
Beginner Friendly, Solidity
100 EXP

Submission Details
Severity: high
Valid

Predictable Random Number Generation Allows Game Exploitation

Summary

The pseudo-random number in searchForEgg() is derived entirely from predictable on-chain data, enabling attackers to compute the outcome in advance and time their transactions to raise their egg-finding success rate.

Vulnerability Details

uint256 random = uint256(
    keccak256(abi.encodePacked(block.timestamp, block.prevrandao, msg.sender, eggCounter))
) % 100; // ❌ Predictable inputs

Attackers can:

  1. Monitor pending transactions
  2. Calculate expected random values
  3. Submit only advantageous transactions
  4. Combine with flashbots to manipulate timing

Impact

• Skewed game economics favoring attackers
• Reduced protocol trustworthiness
• Potential leaderboard manipulation

Tools Used

• Manual analysis
• Foundry simulation demonstrating predictability:

function testPredictRandom() public {
    // Reproduce the contract's hash for the next block, with alice as msg.sender
    // and eggCounter still at 0 (fresh game). The literal 0 must be given an
    // explicit type: abi.encodePacked rejects untyped number literals.
    uint256 precomputed = uint256(
        keccak256(abi.encodePacked(block.timestamp + 1, block.prevrandao, alice, uint256(0)))
    ) % 100;
    // Move to the block/timestamp the prediction was made for and call as alice
    vm.roll(block.number + 1);
    vm.warp(block.timestamp + 1);
    vm.prank(alice);
    game.searchForEgg();
    // Verify prediction matches actual result: compare `precomputed` against the
    // contract's observable outcome (e.g. the change in eggCounter or the emitted event)
}

Recommendations

Improved Implementation:

// Use commit-reveal scheme with off-chain components
// (onlyOwner is assumed to come from an Ownable-style base contract)
bytes32 private seedHash;
uint256 private revealedSeed;

// Commit: the hash is computed off-chain, so the seed itself never appears in calldata
function startGame(bytes32 _seedHash) external onlyOwner {
    seedHash = _seedHash;
}

// Reveal: the preimage must match the commitment
function revealSeed(uint256 _seed) external onlyOwner {
    require(keccak256(abi.encodePacked(_seed)) == seedHash, "Invalid seed");
    revealedSeed = _seed;
}

// In searchForEgg():
// Note: once revealed, the seed is public, so only searches registered before the
// reveal should be resolved with it.
uint256 random = uint256(
    keccak256(abi.encodePacked(revealedSeed, blockhash(block.number - 1), msg.sender))
) % 100;

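
As an added example (not the Eggstravaganza code and not the submitter's snippet), a fuller two-phase version of the recommendation in Solidity: a search is registered before the seed is revealed and is resolved only afterwards, so that a public revealedSeed cannot be used to time searches. The contract name, the EGG_THRESHOLD value and the one-search-per-round rule are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Added example: two-phase egg search (register -> reveal -> resolve).
/// Outcome inputs are fixed at registration time; the seed is unknown to players
/// until the reveal, and the owner can withhold the reveal but cannot alter results.
contract CommitRevealEggHunt {
    address public immutable owner;
    bytes32 public seedHash;      // keccak256(abi.encodePacked(seed)), computed off-chain
    uint256 public revealedSeed;
    bool public seedRevealed;
    uint256 public revealBlock;
    uint256 public constant EGG_THRESHOLD = 20; // assumed 20% find rate

    struct Search { uint256 blockNumber; bool resolved; }
    mapping(address => Search) public searches;   // one search per player per round (assumed)
    mapping(address => uint256) public eggsFound;

    constructor(bytes32 _seedHash) { owner = msg.sender; seedHash = _seedHash; }

    /// Phase 1: the player registers intent. No outcome is computable yet.
    function searchForEgg() external {
        require(!seedRevealed, "round over");
        require(searches[msg.sender].blockNumber == 0, "already searching");
        searches[msg.sender] = Search(block.number, false);
    }

    /// Phase 2: the owner reveals; the preimage must match the commitment.
    function revealSeed(uint256 _seed) external {
        require(msg.sender == owner, "not owner");
        require(!seedRevealed, "already revealed");
        require(keccak256(abi.encodePacked(_seed)) == seedHash, "Invalid seed");
        revealedSeed = _seed;
        seedRevealed = true;
        revealBlock = block.number;
    }

    /// Phase 3: resolve from the seed plus the hash of the registration block.
    /// Neither party knew both values when the search was registered.
    function resolve() external {
        Search storage s = searches[msg.sender];
        require(seedRevealed && s.blockNumber != 0 && !s.resolved, "cannot resolve");
        require(s.blockNumber < revealBlock, "search registered after reveal");
        bytes32 bh = blockhash(s.blockNumber);
        require(bh != bytes32(0), "blockhash expired (older than 256 blocks)");
        uint256 random = uint256(keccak256(abi.encodePacked(revealedSeed, bh, msg.sender))) % 100;
        s.resolved = true;
        if (random < EGG_THRESHOLD) eggsFound[msg.sender] += 1;
    }
}
```

Because blockhash() only covers the most recent 256 blocks, the owner must reveal and players must resolve within that window, otherwise a search expires rather than resolving.
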
Updates

Lead Judging Commences

m3dython (Lead Judge), 3 months ago
Submission Judgement Published
Validated
Assigned finding tags:

Insecure Randomness

Insecure methods to generate pseudo-random numbers
