AI Arena - Daniel526's results

Lines of code

https://github.com/code-423n4/2024-02-ai-arena/blob/cd1a0e6d1b40168657d1aaee8223dc050e15f8cc/src/AiArenaHelper.sol#L83-L121

Vulnerability details

Impact

The lack of diversity in physical attributes can undermine the uniqueness and appeal of fighters within the AI Arena. It may reduce the variety of combat strategies and diminish the overall user experience.

Proof of Concept

In the contract, the createPhysicalAttributes function is responsible for generating the physical attributes of fighters based on their DNA and other parameters. The function iterates over each attribute, calculates a rarity rank based on the DNA, and then maps this rank to an attribute probability index. However, if the probability distribution for attributes is skewed or limited, or if there's not enough variability in the DNA, it can lead to fighters having similar physical attributes.

function createPhysicalAttributes(
    uint256 dna, 
    uint8 generation, 
    uint8 iconsType, 
    bool dendroidBool
) 
    external 
    view 
    returns (FighterOps.FighterPhysicalAttributes memory) 
{
    // Check if the fighter is a dendroid
    if (dendroidBool) {
        return FighterOps.FighterPhysicalAttributes(99, 99, 99, 99, 99, 99);
    } else {
        uint256[] memory finalAttributeProbabilityIndexes = new uint[](attributes.length);

        uint256 attributesLength = attributes.length;
        for (uint8 i = 0; i < attributesLength; i++) {
            // Calculate rarity rank based on DNA
            uint256 rarityRank = (dna / attributeToDnaDivisor[attributes[i]]) % 100;
            // Convert rarity rank to attribute probability index
            uint256 attributeIndex = dnaToIndex(generation, rarityRank, attributes[i]);
            finalAttributeProbabilityIndexes[i] = attributeIndex;
        }
        return FighterOps.FighterPhysicalAttributes(
            finalAttributeProbabilityIndexes[0],
            finalAttributeProbabilityIndexes[1],
            finalAttributeProbabilityIndexes[2],
            finalAttributeProbabilityIndexes[3],
            finalAttributeProbabilityIndexes[4],
            finalAttributeProbabilityIndexes[5]
        );
    }
}

Suppose the probability distribution for attributes favors certain characteristics more than others. Additionally, if the DNA variability is limited, it's possible that multiple fighters end up with similar DNA compositions, resulting in them having comparable physical attributes. For example, if the probability distribution heavily favors attributes like "head" and "body" while neglecting others, fighters may exhibit a high degree of similarity in these predominant attributes.

Consider the following test cases:

/// @notice Test creating physical attributes for a non dendroid.
    function testCreatePhysicalAttributesNonDendroid() public {
        uint256 dna = 6;
        uint8 generation = 1;
        uint8 iconsType = 1;
        bool dendroidBool = false;
        FighterOps.FighterPhysicalAttributes memory physAttrs =
            _helperContract.createPhysicalAttributes(dna, generation, iconsType, dendroidBool);
        assertEq(physAttrs.head, 0);
    }

    /// @notice Test creating physical attributes for a non dendroid.
    function testCreatePhysicalAttributesForDendroid() public {
        uint256 dna = 6;
        uint8 generation = 0;
        uint8 iconsType = 0;
        bool dendroidBool = true;
        FighterOps.FighterPhysicalAttributes memory physAttrs =
            _helperContract.createPhysicalAttributes(dna, generation, iconsType, dendroidBool);
        assertEq(physAttrs.head, 99);
    }

• Testing Non-Dendroid Physical Attributes:

The testCreatePhysicalAttributesNonDendroid function tests the creation of physical attributes for a non-dendroid fighter. It provides specific input parameters (DNA, generation, iconsType, and dendroidBool) and verifies the resulting physical attributes. By specifying different parameters for multiple test cases and verifying the generated attributes, this test contract can showcase the variability (or lack thereof) in physical attributes for non-dendroid fighters. If the test cases consistently yield similar physical attributes for different input parameters, it reinforces the argument that the generation process may lack diversity.

• Testing Dendroid Physical Attributes:

The testCreatePhysicalAttributesForDendroid function specifically tests the creation of physical attributes for a dendroid fighter. It verifies that dendroid fighters receive predefined attributes (e.g., all attributes set to 99). This test case is crucial because it demonstrates how certain conditions (such as being a dendroid) result in fixed attributes, further emphasizing the potential lack of diversity in attribute generation for non-dendroid fighters. Overall, by validating the generation of physical attributes for both non-dendroid and dendroid fighters through test cases, the test contract can provide concrete evidence supporting the argument regarding the variability (or lack thereof) in physical attribute generation within the AI Arena. It enhances the argument by showcasing specific scenarios and outcomes based on different input parameters.

Tools Used

Manual

Recommended Mitigation Steps

Expanding the DNA space and increasing its variability can help ensure a wider range of possible attribute combinations, thus reducing the likelihood of fighters exhibiting similar physical attributes.

Assessed type

Context