Weak random mechanism
Summary
Function for search eggs use weak random mechanism, which could be manipulated and sometimes could use constant values on some blockchains.
Vulnerability Details
Function searchForEgg use for getting random number weak mechanism.
This code has some disadvantages:
block.timestamp - could be manupulated by miner/validator
block.prevrandao - on linea, this function return always the same value - 2 https://docs.linea.build/get-started/build/ethereum-differences#:~:text=Returns a fixed number%3A
if user sent more than 1 tx and they in one block, and if first random number is not less, than eggFindThreshold value, eggCounter will not increase and all next tx from this user in this block will not give eggs to user. Because random number will be the same during the block, because eggCounter does not increase previously.
Impact
Random number could be manipulated by miners/validators and using for receive egg in the game.
Tools Used
Manual review
Recommendations
Use chainlink vrf for getting random numbers.
Lead Judging Commences
Insecure Randomness
Insecure methods to generate pseudo-random numbers
Rewards breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.