After that, in getWord(), wordsList has 100 words, in the following code, since the range of randomNum is [0,99], the probability that "Acai" is selected is 2/100 (randomNum is 0 or 1), the probability that "Watermelon" is selected is 0, and the probability that other words are selected is 1/100, that is, randomWord() returns different words with unequal probability.
Lines of code
https://github.com/code-423n4/2023-10-nextgen/blob/71d055b623b0d027886f1799739b7f785b5bc7cd/smart-contracts/XRandoms.sol#L15-L33
Vulnerability details
Impact
randomPool.randomWord() will mod 100 when calculating randomNum, so the range of randomNum is [0,99].
After that, in getWord(), wordsList has 100 words, in the following code, since the range of randomNum is [0,99], the probability that "Acai" is selected is 2/100 (randomNum is 0 or 1), the probability that "Watermelon" is selected is 0, and the probability that other words are selected is 1/100, that is, randomWord() returns different words with unequal probability.
Proof of Concept
https://github.com/code-423n4/2023-10-nextgen/blob/71d055b623b0d027886f1799739b7f785b5bc7cd/smart-contracts/XRandoms.sol#L15-L33 https://github.com/code-423n4/2023-10-nextgen/blob/71d055b623b0d027886f1799739b7f785b5bc7cd/smart-contracts/XRandoms.sol#L40-L43
Tools Used
None
Recommended Mitigation Steps
Change to
Assessed type
Context