The contract uses `timestamp::now_microseconds()` as its randomness source. An attacker can predict (or, as a block producer, partly influence) the reward outcome and repeatedly call the function to maximize payouts.
Normal behavior: The function `get_random_slice()` is supposed to assign each user a random reward.
Issue: The randomness is derived from `timestamp::now_microseconds()`, which is predictable and can be influenced by validators. This makes the outcome guessable and manipulable.
Likelihood:
Reason 1: Every time the function runs, the timestamp is predictable and partially controllable by block producers.
Impact:
Impact 1: The entire reward distribution mechanism can be exploited, draining more APT than intended.
Impact 2: The attacker can keep calling `get_random_slice` until the reward is "high".
Recommendation: Use a verifiable randomness source (e.g., a VRF or an oracle-based randomness beacon) instead of timestamps.
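As an added illustration, not code from the audited contract (whose source is not reproduced on this page), the hypothetical Move module below places the timestamp-derived draw next to a draw from Aptos's on-chain randomness beacon (`aptos_framework::randomness`), which is the VRF-based source the recommendation points to. The module name `pizza_example`, the `Registry` table, `MAX_SLICES`, and the shape of `register_pizza_lover` are assumptions made for the example.

```move
module pizza_example::slices {
    use std::signer;
    use aptos_std::table::{Self, Table};
    use aptos_framework::randomness;
    use aptos_framework::timestamp;

    /// Assumed for the example: rewards are 1..=8 slices.
    const MAX_SLICES: u64 = 8;
    const E_NOT_OWNER: u64 = 1;

    /// Assumed storage: slice count per registered address, kept under the
    /// module account so the owner can register arbitrary users.
    struct Registry has key {
        slices: Table<address, u64>,
    }

    fun init_module(owner: &signer) {
        move_to(owner, Registry { slices: table::new() });
    }

    /// Weak pattern (reconstruction of the reported issue, not the real code):
    /// every transaction in a block sees the same timestamp, and the block
    /// proposer picks that timestamp within the allowed drift, so the result
    /// is readable before the call and partly steerable by a validator.
    fun get_random_slice_from_timestamp(): u64 {
        (timestamp::now_microseconds() % MAX_SLICES) + 1
    }

    /// Hardened pattern: draw from the on-chain randomness beacon.
    /// The framework only allows this inside an entry function marked
    /// #[randomness]; calling it elsewhere aborts.
    fun get_random_slice(): u64 {
        randomness::u64_range(1, MAX_SLICES + 1)
    }

    /// Owner-only registration, matching the page's description that only the
    /// owner calls the draw. The #[randomness] attribute is what authorises the
    /// randomness API call and keeps the draw out of reach of wrapper scripts.
    #[randomness]
    entry fun register_pizza_lover(owner: &signer, lover: address) acquires Registry {
        assert!(signer::address_of(owner) == @pizza_example, E_NOT_OWNER);
        let registry = borrow_global_mut<Registry>(@pizza_example);
        table::add(&mut registry.slices, lover, get_random_slice());
    }

    #[view]
    public fun slices_of(lover: address): u64 acquires Registry {
        *table::borrow(&borrow_global<Registry>(@pizza_example).slices, lover)
    }
}
```

Two design points worth keeping in mind when applying this. First, the beacon draw must stay inside the `#[randomness]` entry function and must not be re-exported through a `public` function, since a public wrapper would let an external script observe the draw and abort on an unfavourable value. Second, the change addresses the root cause noted across this group (the distribution is not uniformly random) independently of whether the owner-only access control already limits who can trigger the draw.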
The `get_random_slice` function should only be called by the owner via the `register_pizza_lover` function. Also, the `owner` is trusted and will not choose a specific time for a new user to register. Therefore, I disagree with the claim of most reports in this group that an attacker can manipulate the random number of pizza slices. But I agree with the root cause of the reports in this group, that the random distribution is not completely random.