Random number generation
Summary
The function EggHuntGame::searchForEgg attempts to implement randomness to determine whether a player finds an egg. However, it uses insecure pseudo-random number generation based on on-chain variables like block.timestamp, block.prevrandao, msg.sender, and eggCounter. This technique is predictable and manipulable, leading to potential game manipulation or unfair advantage.
Vulnerability Details
The use of block.timestamp and block.prevrandao is not secure for randomness in Ethereum.
These values can be influenced by miners/validators within acceptable protocol limits.
Since
msg.senderandeggCounterare known or controllable by the user, the overall entropy of the hash is low.This allows a user to repeatedly call the function or simulate outcomes off-chain to eventually get a favorable random number below
eggFindThreshold.
Impact
Impact: High, Players can predict or influence egg discoveries, violating fairness.
Recommendations
Use a verifiable randomness source such as Chainlink VRF for secure and tamper-proof random number generation.
Lead Judging Commences
Insecure Randomness
Insecure methods to generate pseudo-random numbers
Rewards breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.