The EggHuntGame contract does not impose any rate limiting or cooldown on user interactions with the searchForEgg() function. Participants can therefore call the function repeatedly within a single block or across many blocks, brute-forcing the egg-finding mechanism. This undermines the game's fairness, causes economic imbalance, and can lead to network congestion or front-running via private transactions.
The function uses a pseudo-random number to determine if a user finds an egg:
However, there is no limit on how many times a single user can call searchForEgg(). Since the function is publicly accessible and relies on weak randomness, attackers can:
Call the function repeatedly in a single block (via private RPCs or Flashbots) to statistically increase the chance of minting an egg.
Use bots or scripts to brute force favorable conditions.
Game Imbalance: Whales or bots can find significantly more eggs than regular users.
Denial of Service Risk: Repeated calls can congest the network or monopolize block space.
Economic Exploit: Users can unfairly collect more NFTs and potentially manipulate rewards or downstream mechanics (such as the vault or egg utility).
Randomness Manipulation: Combined with predictable randomness, unlimited retries open the door to gaming the outcome.
Tools used: manual code review, Solidity best practices and anti-botting guidelines, and Ethereum mempool transaction behavior analysis.
Implement a per-user time-based rate limit to prevent rapid repeated calls.
Make SEARCH_COOLDOWN adjustable by the owner within bounds.
Introduce a gas-based cost to discourage excessive searches.
Replace the randomness source with Chainlink VRF or a commit-reveal pattern so that brute forcing is ineffective.
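The following contract sketch shows the first two recommendations implemented together: a per-address cooldown enforced in searchForEgg() and an owner-adjustable SEARCH_COOLDOWN that is clamped to a fixed range. It is an added example written for this report, not code from the EggHuntGame project. The contract name, lastSearchAt, MIN_SEARCH_COOLDOWN, MAX_SEARCH_COOLDOWN, the custom errors and events, and the two virtual hooks _tryFindEgg and _mintEgg are all assumptions made for the illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration of the per-user cooldown recommended above; it is not
// the EggHuntGame project's code. The contract name, lastSearchAt,
// MIN_/MAX_SEARCH_COOLDOWN, the errors and events, and the two virtual hooks
// are assumptions made for this example.
abstract contract EggHuntGameRateLimited {
    address public immutable owner;

    // Bounds the owner cannot override: the cooldown can be tuned but never
    // switched off (0) or made so long that the game becomes unplayable.
    uint256 public constant MIN_SEARCH_COOLDOWN = 1 minutes;
    uint256 public constant MAX_SEARCH_COOLDOWN = 1 days;

    // Current per-user cooldown, adjustable by the owner within the bounds.
    uint256 public SEARCH_COOLDOWN = 10 minutes;

    // Block timestamp of each participant's most recent search.
    mapping(address => uint256) public lastSearchAt;

    event SearchCooldownUpdated(uint256 previous, uint256 current);
    event EggSearched(address indexed player, bool found);

    error NotOwner();
    error CooldownOutOfBounds(uint256 requested, uint256 min, uint256 max);
    error SearchOnCooldown(uint256 secondsRemaining);

    modifier onlyOwner() {
        if (msg.sender != owner) revert NotOwner();
        _;
    }

    constructor() {
        owner = msg.sender;
    }

    // The owner may retune the cooldown, but only inside [MIN, MAX].
    function setSearchCooldown(uint256 newCooldown) external onlyOwner {
        if (newCooldown < MIN_SEARCH_COOLDOWN || newCooldown > MAX_SEARCH_COOLDOWN) {
            revert CooldownOutOfBounds(newCooldown, MIN_SEARCH_COOLDOWN, MAX_SEARCH_COOLDOWN);
        }
        emit SearchCooldownUpdated(SEARCH_COOLDOWN, newCooldown);
        SEARCH_COOLDOWN = newCooldown;
    }

    // One attempt per address per SEARCH_COOLDOWN seconds. The timestamp is
    // written before any minting, so a second call bundled into the same
    // block (or a re-entrant call from the mint hook) hits the cooldown and
    // reverts instead of getting another roll.
    function searchForEgg() external {
        uint256 last = lastSearchAt[msg.sender];
        uint256 readyAt = last + SEARCH_COOLDOWN;
        if (last != 0 && block.timestamp < readyAt) {
            revert SearchOnCooldown(readyAt - block.timestamp);
        }
        lastSearchAt[msg.sender] = block.timestamp;

        bool found = _tryFindEgg(msg.sender);
        emit EggSearched(msg.sender, found);
        if (found) {
            _mintEgg(msg.sender);
        }
    }

    // Seconds a caller must still wait; 0 means searchForEgg() will be accepted.
    function cooldownRemaining(address player) external view returns (uint256) {
        uint256 last = lastSearchAt[player];
        if (last == 0 || block.timestamp >= last + SEARCH_COOLDOWN) return 0;
        return last + SEARCH_COOLDOWN - block.timestamp;
    }

    // Deliberately left to the deployer: per the last recommendation above,
    // the outcome should come from Chainlink VRF or a commit-reveal round,
    // not from block data, so the cooldown is not the only line of defence.
    function _tryFindEgg(address player) internal virtual returns (bool);

    function _mintEgg(address to) internal virtual;
}
```

Two caveats a reviewer should keep in mind when applying this. A per-address cooldown limits only a single address; it does not by itself stop a player from spreading attempts across many addresses, which is why the cost-based and VRF/commit-reveal recommendations above are meant to be applied alongside it rather than instead of it. And because the limit is measured in block.timestamp, any cooldown shorter than the chain's block interval is effectively one attempt per block, which is the reason the example refuses values below MIN_SEARCH_COOLDOWN rather than allowing the owner to set it to a few seconds.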
The contract lacks any cooldown mechanism, search limit, or cost in the searchForEgg() function.