In the EggHuntGame::searchForEgg function we can see the next lines of code:
As the comment says, this is pseudo-random number generation for demonstration purposes only. So my question as an auditor is...
What is the real code that the smart contract is going to use to generate a random number?
We are auditors, not guessers. So in order to do our job well we need the full code. The number generated is not random (as the comment says), so this must not be deployed.
Weak random number generation can allow attackers to guess the number and decide when to call the EggHuntGame::searchForEgg function to always win.
Using elements like:
does not give you randomness: every one of them is readable on chain before the transaction executes.
Attackers can guess the "random" number and decide when to call the EggHuntGame::searchForEgg function to always win.
Manual Review
Foundry
Use Chainlink VRF to obtain a demonstrable random number.
Link to docs here
Insecure methods to generate pseudo-random numbers