Platform: Code4rena
Start Date: 20/09/2022
Pot Size: $100,000 USDC
Total HM: 4
Participants: 109
Period: 7 days
Judge: GalloDaSballo
Id: 163
League: ETH
Rank: 101/109
Findings: 1
Award: $55.20
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: IllIllI
Also found by: 0x1f8b, 0x4non, 0x52, 0x5rings, 0xNazgul, 0xRobocop, 0xSmartContract, 0xdeadbeef, 0xsanson, 8olidity, Amithuddar, Aymen0909, B2, B353N, CertoraInc, Ch_301, Chom, CodingNameKiki, Deivitto, ElKu, Funen, JC, JohnnyTime, Kresh, Lambda, Noah3o6, RaymondFam, ReyAdmirado, RockingMiles, Rolezn, Sm4rty, SuldaanBeegsi, Tadashi, TomJ, Tomio, V_B, Waze, __141345__, a12jmx, ak1, arcoun, asutorufos, aviggiano, berndartmueller, bharg4v, bin2chen, brgltd, bulej93, c3phas, catchup, cccz, ch0bu, cryptonue, cryptphi, csanuragjain, delfin454000, devtooligan, djxploit, durianSausage, eighty, erictee, exd0tpy, fatherOfBlocks, giovannidisiena, hansfriese, ignacio, joestakey, ladboy233, lukris02, m9800, malinariy, martin, minhtrng, obront, oyc_109, pedr02b2, pedroais, pfapostol, philogy, prasantgupta52, rbserver, ronnyx2017, rotcivegaf, rvierdiiev, sach1r0, shung, simon135, throttle, tnevler, tonisives, wagmi, yixxas, zkhorse, zzykxx, zzzitron
55.1985 USDC - $55.20
As stated in VRF Security Considerations [V1], the requestId plays an important role in ensuring fairness and prevent abuse of multiple requests to the oracle. Since the main component (ArtGobblers.sol#L541) doesn't actively manage the requestId returned, preventing fairness may be delegated to third parties monitoring the contract. Thus, the misused named return variable in src/utils/rand/ChainlinkV1RandProvider.sol#L62-L70 (code below) results in an 0x00 event:
function requestRandomBytes() external returns (bytes32 requestId) { // The caller must be the ArtGobblers contract, revert otherwise. if (msg.sender != address(artGobblers)) revert NotGobblers(); emit RandomBytesRequested(requestId); // Will revert if we don't have enough LINK to afford the request. return requestRandomness(chainlinkKeyHash, chainlinkFee); }
function requestRandomBytes() external returns (bytes32 requestId) { // The caller must be the ArtGobblers contract, revert otherwise. if (msg.sender != address(artGobblers)) revert NotGobblers(); // Will revert if we don't have enough LINK to afford the request. requestId = requestRandomness(chainlinkKeyHash, chainlinkFee); emit RandomBytesRequested(requestId); }
#0 - GalloDaSballo
2022-10-06T19:14:25Z
1 Refactoring
I think the title is exaggerated, we want real vulnerabilities, this one has an informational impact
#1 - GalloDaSballo
2022-10-06T19:14:27Z
1R
#2 - GalloDaSballo
2022-10-06T19:14:42Z
Presentation is good, needs more findings though