Root + Impact
Root Cause

• Predictable randomness source: Slice size is derived from easily knowable or manipulable values (e.g., block timestamp, transaction hash, user address). These inputs are not secure entropy.

• Lack of Sybil resistance: The system enforces per-address limits only, allowing attackers to farm rewards with unlimited fresh accounts.

• Unbounded treasury outflow: Claims do not check the remaining balance before payout, risking overdraws or premature pool exhaustion.

Impact

• Treasury drained: An attacker can consistently claim near-max rewards (≈approximately 500 APT) across multiple accounts, rapidly depleting the pool.

• Unfair distribution: Honest users are locked out, undermining the fairness of the “random surprise” element.

• Reputation loss: PizzaCoin’s community campaign becomes associated with exploitation and broken promises.

Description

• The PizzaCoin giveaway lets participants claim a “random slice” between 100–500 APT. Because randomness is generated from predictable inputs and there’s no Sybil resistance, attackers can simulate outcomes off-chain, submitting only high-value claims while discarding low-value ones. With unlimited accounts, they capture most of the rewards. This breaks the fairness model, ends the campaign early, and leaves honest participants with little or nothing.

Risk

Likelihood:

• Randomness is derived from block metadata (timestamp, height, txn hash), which are known before confirmation, allowing bots and validators to predict outcomes during the campaign.

• Creating many Aptos accounts is cheap and fast, enabling Sybil farms to repeatedly exploit the predictable randomness mechanism within the 3d 4h campaign window.

Impact:

• Giveaway treasury can be rapidly drained by an attacker who consistently claims near‑max rewards.

• Honest users are denied fair distribution, leading to loss of trust and reputational damage for PizzaCoin.

Proof of Concept

Recommended Mitigation