Closed code423n4 closed 1 year ago
Duplicate of #27
Pseudo randomness is intentionally being used and is a design choice. The ability to manipulate the transaction with flashbots (or other MEV tech) is not disputed, but the cost-to-benefit ratio is not valid and justifiable enough to make this an actual issue. Thus disputing the severity of the issue to being low severity at best.
Lines of code
https://github.com/code-423n4/2022-10-holograph/blob/f8c2eae866280a1acfdc8a8352401ed031be1373/src/HolographOperator.sol#L400
Vulnerability details
Description
In the function crossChainMessage of the HolographOperator contract there is the following logic implemented for the calculation of the random value:

Below in this function, such a value is used in the following way:

Using flashbots an attacker can predefine block parameters such as block.number and block.timestamp, and the _jobNonce value. The jobHash value is obviously known to the caller. So there exists a way to predict the "random" value and mine job parameters in such a way that the pod and operatorIndex values will be equal to the ones needed for the caller.

Recommended Mitigation Steps
Use Chainlink's (or another trusted offchain information provider's) random value generation.
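
The difference between the two designs discussed in this issue can be measured with a small simulation; this is an added example, not code from the report or from the Holograph repository. The contract snippet is not reproduced on this page, so the hashing formula, the pod sizes, the target slot and all function names below are assumptions, and hashlib.sha3_256 stands in for keccak256.

```python
import hashlib
import secrets

POD_SIZES = [5, 3, 8, 6]   # constructed sample: operators per pod
TARGET = (2, 6)            # constructed sample: (pod, operatorIndex) the submitter wants

def u256(v: int) -> bytes:
    return v.to_bytes(32, "big")

def select(material: bytes) -> tuple:
    # hashlib.sha3_256 stands in for Solidity's keccak256 (not in the stdlib).
    r = int.from_bytes(hashlib.sha3_256(material).digest(), "big")
    pod = r % len(POD_SIZES)
    return pod, r % POD_SIZES[pod]

def block_derived(job_hash: bytes, nonce: int, number: int, timestamp: int) -> tuple:
    # Assumed scheme: every input is known to the submitter before inclusion.
    return select(job_hash + u256(nonce) + u256(number) + u256(timestamp))

def oracle_seeded(job_hash: bytes, seed: bytes) -> tuple:
    # Mitigation shape: the seed is delivered only after the job is fixed.
    return select(job_hash + seed)

def steering_rate(use_oracle: bool, trials: int = 200, candidates: int = 200) -> float:
    """Fraction of trials in which the selected slot equals TARGET when the
    submitter may pick among `candidates` job variants before submitting."""
    hits = 0
    for t in range(trials):
        nonce, number, ts = t, 15_800_000 + t, 1_666_000_000 + 12 * t  # constructed
        chosen = None
        for c in range(candidates):
            job_hash = hashlib.sha3_256(b"job:%d:%d" % (t, c)).digest()
            if block_derived(job_hash, nonce, number, ts) == TARGET:
                chosen = job_hash  # pre-submission prediction says TARGET
                break
        if chosen is None:
            continue
        if use_oracle:
            actual = oracle_seeded(chosen, secrets.token_bytes(32))
        else:
            actual = block_derived(chosen, nonce, number, ts)
        hits += actual == TARGET
    return hits / trials

if __name__ == "__main__":
    print("block-derived:", steering_rate(False))
    print("oracle-seeded:", steering_rate(True))
```

With the block-derived value the submitter's pre-computed choice always lands on the target slot, while mixing in a seed that is unknown at submission time brings the rate back to the chance level for that slot.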