Platform: Code4rena
Start Date: 09/02/2024
Pot Size: $60,500 USDC
Total HM: 17
Participants: 283
Period: 12 days
Judge:
Id: 328
League: ETH
Rank: 227/283
Findings: 1
Award: $1.27
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: Abdessamed
Also found by: 0rpse, 0xAlix2, 0xAsen, 0xCiphky, 0xlemon, 0xmystery, 0xvj, ADM, Aamir, Archime, BARW, DarkTower, Draiakoo, FloatingPragma, JCN, McToady, MrPotatoMagic, OMEN, PetarTolev, Ryonen, SpicyMeatball, Tendency, VAD37, Velislav4o, VrONTg, Zac, adamn000, ahmedaghadi, alexxander, alexzoid, bhilare_, btk, cats, d3e4, denzi_, devblixt, dimulski, evmboi32, fnanni, givn, haxatron, immeas, jesjupyter, juancito, ke1caM, klau5, korok, krikolkk, matejdb, n0kto, niser93, peter, pkqs90, radin100, shaka, sl1, soliditywala, stackachu, stakog, t0x1c, vnavascues, yotov721, zhaojohnson
1.2667 USDC - $1.27
https://github.com/code-423n4/2024-02-ai-arena/blob/main/src/FighterFarm.sol#L254
Users will be eligble to mint new NFT's by FighterFarm::redeemMintPass, one of the parameters in this function is mintPassDnas. Then, this function calls FighterFarm::_createNewFighter function, with mintPassDnas as a hashed uint256. In FighterFarm::_createNewFighter function, to get NFT attributes as element, weight and newDna, protocol using FighterFarm::_createFighterBase function with dna parameter which is uint256 hashed mintPassDnas. Reference to documentation, "A fighter’s weight is the primary determinant of its other relative strength and weaknesses (i.e. all other battle attributes are a function of weight)". As we can see in FighterFarm::_createNewFighter function, weight is based on dna.
There are similiar situation in FighterFarm::claimFighters, FighterFarm::mintFromMergingPool and FighterFarm::reRoll. In this case it is harder to get the best weight beacuse dna depends on user address and other variables. Furthermore, user can check what parameters will give better weight and mint when condition are met.
https://github.com/code-423n4/2024-02-ai-arena/blob/main/src/FighterFarm.sol#L214
https://github.com/code-423n4/2024-02-ai-arena/blob/main/src/FighterFarm.sol#L324
https://github.com/code-423n4/2024-02-ai-arena/blob/main/src/FighterFarm.sol#L379
User interact with FighterFarm::redeemMintPass function and mintPassDnas = "1234". Following next steps, uint256(keccak256(abi.encode(mintPassDnas)) = 109354925330486725663316016813838071664739777272443667231673145530778523508943, this number is the dna. Finally, weight = dna % 31 + 65. In this example, weight is equal 94, weight range is 65-95 (there are 3 types of weights: 65-74, 75-84, 85-94). In this case user will get the best fighter NFT.
https://github.com/code-423n4/2024-02-ai-arena/blob/main/src/FighterFarm.sol#L254
https://github.com/code-423n4/2024-02-ai-arena/blob/main/src/FighterFarm.sol#L500
https://github.com/code-423n4/2024-02-ai-arena/blob/main/src/FighterFarm.sol#L471
Manual review.
Use Chainlink VRF to get random number and be sure weight and other parameters is random. (https://docs.chain.link/vrf)
ERC721
#0 - c4-pre-sort
2024-02-22T08:00:31Z
raymondfam marked the issue as sufficient quality report
#1 - c4-pre-sort
2024-02-22T08:00:41Z
raymondfam marked the issue as duplicate of #33
#2 - c4-pre-sort
2024-02-26T00:53:44Z
raymondfam marked the issue as duplicate of #1626
#3 - c4-judge
2024-03-05T10:56:27Z
HickupHH3 changed the severity to 3 (High Risk)
#4 - c4-judge
2024-03-06T03:34:56Z
HickupHH3 marked the issue as satisfactory