Replay Attack Vulnerability in Commit Phase
Replay Attack Vulnerability in Commit Phase
Summary
The commit-reveal mechanism lacks game-specific nonces, allowing players to potentially reuse commits across different games.
Vulnerability Details
Location:
commitMove() function
revealMove() function
Issue:
Current commit hash: keccak256(abi.encodePacked(move, salt))
No game-specific identifier in the hash
Players could reuse the same (move + salt) combination in multiple games
Particularly dangerous if a player discovers a winning combination
Impact
-
Players could "replay" winning moves across multiple games
-
Potential for cheating by reusing known favorable commitments
-
Breaks the randomness and fairness guarantee of the game
-
Especially problematic in high-stakes games
Tools Used
Manual code review
Recommendations
-
Include game ID in the commit hash: keccak256(abi.encodePacked(move, salt, gameId))
-
Consider adding player address to the hash for additional uniqueness
-
Alternatively, implement a player-specific nonce system
-
Add validation in revealMove to ensure the revealed gameId matches
Appeal created
Lack of Salt Uniqueness Enforcement
The contract does not enforce salt uniqueness
Rewards breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.