Eggstravaganza

First Flight #37
Beginner Friendly, Solidity
100 EXP
Submission Details
Severity: high
Invalid

Timestamp manipulation by miners leads to unfair advantages for those controlling the block timestamp

Summary

The EggHuntGame contract relies on block.timestamp for critical game functions, including determining the game start and end times. Miners have limited control (up to 15 minutes) over the block’s timestamp and can manipulate the game’s start and end times within a few seconds.

Vulnerability Details

In the EggHuntGame contract, the start and end times of the game are set based on the current block’s block.timestamp. This reliance on block.timestamp introduces the following risks:

  1. Timestamp Manipulation: Miners can adjust the block timestamp within a small window (typically a few seconds to 15 minutes). This allows them to influence the start and end times of the game, giving them an unfair advantage.

  2. Game Duration Manipulation: If the miner can delay the block timestamp by a few seconds, they can extend the duration of the game, allowing more time to participate in the game and find eggs.

  3. Pseudo-Randomness Manipulation: The searchForEgg() function uses block.timestamp for pseudo-random number generation, which is vulnerable to manipulation by miners. This could lead to biased outcomes, with the miner gaining an unfair advantage in finding eggs.

Impact

    function startGame(uint256 duration) external onlyOwner {
        require(!gameActive, "Game already active");
        require(duration >= MIN_GAME_DURATION, "Duration too short");
        startTime = block.timestamp;
        endTime = block.timestamp + duration;
        gameActive = true;
        emit GameStarted(startTime, endTime);
    }

  1. The startTime is set directly from block.timestamp, which can be manipulated by miners.

  2. Game Duration Check:

    function searchForEgg() external {
        require(gameActive, "Game not active");
        require(block.timestamp >= startTime, "Game not started yet");
        require(block.timestamp <= endTime, "Game ended");
    }

The game’s activity status is checked using block.timestamp, and miners can adjust the timestamp within a small window, affecting the game’s rules.

  3. Pseudo-Random Number Generation:

    uint256 random = uint256(
        keccak256(abi.encodePacked(block.timestamp, block.prevrandao, msg.sender, eggCounter))
    ) % 100;

This function uses block.timestamp to generate a pseudo-random number. Since miners can manipulate the block timestamp, they can influence the random number generated, potentially altering the results of the game in their favor.
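To put a number on the bias described above, the following added example (not code from the contest repository) simulates the page's `% 100` roll and compares a producer who must use the nominal timestamp with one who may choose among k timestamps. Assumptions: a roll below THRESHOLD counts as a win (the page does not state the win condition), SHA3-256 stands in for keccak256, and all block values are constructed.

```python
import hashlib

THRESHOLD = 20  # assumed win condition: roll < THRESHOLD (not stated on the page)


def roll(timestamp: int, prevrandao: int, sender: bytes, egg_counter: int) -> int:
    """Mirror the page's formula; SHA3-256 is a stand-in for keccak256."""
    packed = (timestamp.to_bytes(32, "big") + prevrandao.to_bytes(32, "big")
              + sender + egg_counter.to_bytes(32, "big"))
    return int.from_bytes(hashlib.sha3_256(packed).digest(), "big") % 100


def analytic_win_rate(p: float, k: int) -> float:
    """P(at least one of k independent rolls wins) = 1 - (1 - p)^k."""
    return 1.0 - (1.0 - p) ** k


def measure(trials: int, k: int) -> tuple[float, float]:
    """Return (fixed_rate, chooser_rate) over constructed blocks.

    fixed_rate:   the roll is taken at the nominal timestamp only.
    chooser_rate: the producer may pick any of k candidate timestamps
                  (k is a model parameter, not a measured property of a chain).
    """
    sender = bytes.fromhex("11" * 20)  # constructed 20-byte address
    fixed = chooser = 0
    for i in range(trials):
        # Constructed per-block values so the run is deterministic and offline.
        prevrandao = int.from_bytes(hashlib.sha256(i.to_bytes(8, "big")).digest(), "big")
        base = 1_700_000_000 + 12 * i
        rolls = [roll(base + d, prevrandao, sender, i) for d in range(k)]
        fixed += rolls[0] < THRESHOLD
        chooser += min(rolls) < THRESHOLD
    return fixed / trials, chooser / trials


if __name__ == "__main__":
    p = THRESHOLD / 100
    for k in (1, 2, 5, 15):
        fixed, chooser = measure(20_000, k)
        print(f"k={k:2d} fixed={fixed:.3f} chooser={chooser:.3f} "
              f"expected={analytic_win_rate(p, k):.3f}")
```

The gap between the two rates is what a randomness source outside the block producer's control, such as the VRF recommended below, is meant to close.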

Let's say the startGame function is called at 12:00:00 UTC, and the owner sets a game duration of 60 seconds.

  • Ideally, the game should start at 12:00:00 and end at 12:01:00.

  • If the miner mines the block with a timestamp of 12:00:05 UTC, the startTime would be set to 12:00:05 UTC, and the endTime would be 12:01:05 UTC. This gives the miner a 5-second advantage over other players.

If this manipulation is repeated or exploited during different parts of the game, it could result in an unfair advantage.

Tools Used

Manual Code Review and AI for report improving

Recommendations

Use an oracle or external trusted time sources for critical game timings instead of relying solely on block.timestamp.

Apply Chainlink VRF or other randomness solutions to make the game more tamper-proof.

Updates

Lead Judging Commences

m3dython Lead Judge about 2 months ago
Submission Judgement Published
Invalidated
Reason: Design choice
