Opponent’s move can be predicted before committing
Summary
The mechanism used to generate a _commitHash for the RockPaperScissors::commitMove function is weak.
Vulnerability Details
If a player reuses the same combination of move + salt across multiple games, the resulting commitHash will be identical. Since the commitment is public on-chain, an attacker can store known commitHash values and their corresponding moves from past games.
For example:
playerAonce committed tokeccak256(abi.encodePacked(Move.Rock, saltA))The attacker previously lost to that commit with
Move.Scissors, revealing the actual move.In a future game, the attacker observes the same**
commitHash** used again.The attacker now knows** **playerA is playing Rock, and can safely commit
Move.Paperto guarantee a win.
Impact
This breaks the commit-reveal secrecy model and allows strategic players or bots to front-run or script predictable wins by analyzing historical data.
Tools Used
Manual review
Recommendations
Make the salt dynamic. e.g hash with `block.timestamp`
Appeal created
Lack of Salt Uniqueness Enforcement
The contract does not enforce salt uniqueness
Rewards breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.