Platform: Code4rena
Start Date: 17/03/2023
Pot Size: $36,500 USDC
Total HM: 10
Participants: 98
Period: 3 days
Judge: leastwood
Total Solo HM: 5
Id: 223
League: ETH
Rank: 44/98
Findings: 1
Award: $39.87
🌟 Selected for report: 0
🚀 Solo Findings: 0
39.8657 USDC - $39.87
By manipulating the ordering of transactions in blocks, miners could manipulate the characterIndex values of a Tray's tiles. This could result in miners being able to specifically select characterIndex values that they want for specific Tray tiles, rather than truly random values.
Simply by altering the order in which pending transactions are included in blocks, a miner who desires specific characterIndex values could manipulate them. When a user (or the miner's address in this exploit) calls the buy() function of the Tray contract, it in turn repeatedly calls (for each tile) the _drawing function, providing uint256(lastHash) as input. The lastHash value is a variable stored in the state of the contract, and updated before each call. If the order of these calls is changed, then the inputted lastHash values will vary. The _drawing() function in turn uses this inputted value towards the randomness generated by the call to Utils.iteratePRNG(_seed) here. The iteratePRNG function is a simple on-chain PRNG function, as you can see here. The characterIndex value is then set based on this randomness, as you can see here, here and here.
Manual analysis.
Use of the Chainlink VRF oracle would prevent this vulnerability.
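The following Python model is an added illustration of the finding and its mitigation; it is not code from the Tray contract or the Canto Namespace project. It assumes a constructed stand-in for Utils.iteratePRNG (its multiplier and modulus are hypothetical), uses sha3_256 in place of keccak256, and models "oracle-delivered per-request randomness" in a simplified way that is the idea behind a VRF rather than Chainlink's actual protocol. The check `order_sensitive` runs the same set of buy() transactions in every block order and reports whether any buyer's characterIndex values change, which is the property a reviewer wants to be false.

```python
import hashlib
from itertools import permutations

NUM_CHARACTERS = 26  # constructed: size of the character set a characterIndex selects from


def keccak_like(value: int) -> int:
    """Deterministic 256-bit hash, a stand-in for keccak256 on chain (not the real one)."""
    return int.from_bytes(hashlib.sha3_256(value.to_bytes(32, "big")).digest(), "big")


def iterate_prng(state: int) -> int:
    """Constructed stand-in for Utils.iteratePRNG: a pure arithmetic step with no
    external entropy, so its output is fully determined by its input."""
    state = (state * 15485863) % (1 << 256)
    return (state * state * state) % 2038074743


class StateSeededTray:
    """Model of a Tray whose tile randomness is seeded from contract state (lastHash)."""

    def __init__(self, initial_hash: int = 0):
        self.last_hash = initial_hash

    def buy(self, buyer: str, tiles: int) -> list:
        indices = []
        for _ in range(tiles):
            # lastHash is advanced before each drawing: one shared hash chain, so
            # whichever transaction is mined next consumes the next link of it
            self.last_hash = keccak_like(self.last_hash)
            indices.append(self._drawing(self.last_hash))
        return indices

    @staticmethod
    def _drawing(seed: int) -> int:
        return iterate_prng(seed) % NUM_CHARACTERS


class OracleSeededTray:
    """Simplified model of per-request oracle randomness (the VRF idea, not Chainlink's
    protocol): each buyer's randomness is bound to their own request and delivered by
    the oracle, not derived from state shared with other buyers' transactions."""

    def __init__(self, oracle_secret: int = 0xC0FFEE):
        self._secret = oracle_secret  # constructed: known to the oracle, not to block producers
        self._nonce = {}

    def buy(self, buyer: str, tiles: int) -> list:
        nonce = self._nonce.get(buyer, 0)
        self._nonce[buyer] = nonce + 1
        request_id = keccak_like(int.from_bytes(buyer.encode(), "big") ^ nonce)
        # the oracle's answer depends on the request itself, not on which other
        # transactions were mined before it in the same block
        random_word = keccak_like(request_id ^ self._secret)
        return [iterate_prng(keccak_like((random_word + i) % (1 << 256))) % NUM_CHARACTERS
                for i in range(tiles)]


def run_block(tray, ordered_txs) -> dict:
    """Apply buy() transactions in the given block order; return {buyer: [characterIndex, ...]}."""
    return {buyer: tray.buy(buyer, tiles) for buyer, tiles in ordered_txs}


def order_sensitive(make_tray, txs) -> bool:
    """True if any buyer's tile indices change when the same transactions are mined
    in a different order, i.e. the randomness can be steered by transaction ordering."""
    seen = set()
    for order in permutations(txs):
        result = run_block(make_tray(), order)
        seen.add(tuple(sorted((b, tuple(v)) for b, v in result.items())))
    return len(seen) > 1


if __name__ == "__main__":
    txs = [("alice", 7), ("bob", 7)]  # constructed: two pending buys of 7 tiles each
    print("state-seeded PRNG is order-sensitive:", order_sensitive(StateSeededTray, txs))
    print("oracle-seeded model is order-sensitive:", order_sensitive(OracleSeededTray, txs))
```

With the state-seeded model, reversing two equal-sized buys simply hands each buyer the other's tiles: the hash chain produces the same sequence of draws, and ordering decides who receives which slice of it. The oracle-seeded model yields the same per-buyer indices under every ordering, which is why the report recommends moving the seed off the shared contract state.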
#0 - c4-judge
2023-03-28T18:47:44Z
0xleastwood marked the issue as duplicate of #121
#1 - c4-judge
2023-04-11T19:54:09Z
0xleastwood marked the issue as satisfactory
#2 - c4-judge
2023-04-11T20:03:27Z
0xleastwood marked the issue as duplicate of #121
#3 - c4-judge
2023-04-12T00:55:06Z
0xleastwood marked the issue as duplicate of #130
#4 - c4-judge
2023-04-12T00:59:59Z
0xleastwood marked the issue as partial-50