PuppyRaffle::selectWinner computes puppy rarity as uint256(keccak256(abi.encodePacked(msg.sender, block.difficulty))) % 100 (src/PuppyRaffle.sol:139). Both inputs are known to the caller, so an attacker can compute the resulting rarity in advance and choose calling conditions (sender, target block) that guarantee a LEGENDARY mint.
Likelihood:
Medium. The attacker must be (or control) the winner-selecting caller, but given that, predicting and grinding the rarity is trivial — they iterate msg.sender candidates or wait for a block whose block.difficulty yields rarity > 95.
Impact:
Medium. The intended 70/25/5 rarity distribution is defeated. An attacker reliably mints LEGENDARY puppies, devaluing legitimately-earned rare and legendary NFTs and undermining the collection's scarcity and economic value.
The attacker checks the rarity formula off-chain and only proceeds when it resolves to LEGENDARY.
Derive rarity from a verifiable randomness source (Chainlink VRF) or a commit-reveal value rather than predictable on-chain data.
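One way to apply the commit-reveal option is sketched below. This is an added example, not code from PuppyRaffle; the contract name, commit, reveal and the REVEAL_DELAY value are hypothetical. The cut-offs (roll below 70 common, below 95 rare, otherwise legendary) are chosen to give the intended 70/25/5 split.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Added example: hypothetical contract, not part of PuppyRaffle.
contract RarityCommitReveal {
    enum Rarity { COMMON, RARE, LEGENDARY }

    struct Commitment { bytes32 hash; uint64 targetBlock; }

    uint64 public constant REVEAL_DELAY = 5; // assumed value, in blocks
    mapping(address => Commitment) public commitments;

    event RarityResolved(address indexed player, Rarity rarity);

    /// Step 1: bind to a secret before the deciding block exists.
    /// hash = keccak256(abi.encode(caller, secret)), computed off-chain.
    function commit(bytes32 hash) external {
        require(hash != bytes32(0), "empty commitment");
        // One pending commitment per address: no discarding a roll and retrying.
        require(commitments[msg.sender].hash == bytes32(0), "commitment pending");
        commitments[msg.sender] = Commitment(hash, uint64(block.number) + REVEAL_DELAY);
    }

    /// Step 2: reveal once targetBlock has been mined.
    function reveal(bytes32 secret) external returns (Rarity rarity) {
        Commitment memory c = commitments[msg.sender];
        require(c.hash != bytes32(0), "no commitment");
        require(block.number > c.targetBlock, "too early");
        require(keccak256(abi.encode(msg.sender, secret)) == c.hash, "bad secret");
        delete commitments[msg.sender];

        // The secret was fixed before targetBlock's hash existed, so neither
        // input could be computed by the caller at the time of commit().
        bytes32 anchor = blockhash(c.targetBlock);
        if (anchor == bytes32(0)) {
            // blockhash() returns 0 once targetBlock is more than 256 blocks old.
            // A late reveal gets COMMON rather than a fresh roll, so stalling never pays.
            rarity = Rarity.COMMON;
        } else {
            uint256 roll = uint256(keccak256(abi.encode(secret, anchor))) % 100;
            rarity = roll < 70 ? Rarity.COMMON : (roll < 95 ? Rarity.RARE : Rarity.LEGENDARY);
        }
        emit RarityResolved(msg.sender, rarity);
    }
}
```

A block producer who is also the committer can still influence blockhash for the target block, which is the residual risk that Chainlink VRF removes. In a raffle the commitment would have to be made per round before selectWinner runs, with an unrevealed commitment forfeiting the rarity roll.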