!Not a duplicate of the issue about getting a random number from block.timestamp!
The word Acai has a higher chance of appearing; the random numbers are not evenly distributed.
Proof of Concept
The function getWord returns a word by id. Notice that when id = 0 or id = 1, it returns the word Acai in both cases.
    function getWord(uint256 id) private pure returns (string memory) {
        // array storing the words list
        string[100] memory wordsList = ["Acai",
        ....... "Watermelon"
        ];
        // returns a word based on index
        if (id==0) {
            return wordsList[id];
        } else {
    @>      return wordsList[id - 1];
        }
    }
The issue is that when a random number is generated to pick a word, and supposing the random numbers are evenly distributed, ids 0 and 1 give the same result, which gives the word Acai a higher chance of appearing and disrupts the randomness.
Lines of code
https://github.com/code-423n4/2023-10-nextgen/blob/2467db02cc446374ab9154dde98f7e931d71584d/smart-contracts/XRandoms.sol#L28-L33
Vulnerability details
poc:
forge test --mt test_getWorld -vv
The log shows that Acai appears twice and the last word, Watermelon, never appears.
Tools Used
manual
Recommended Mitigation Steps
Consider modifying the if logic.
Assessed type
Other
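The skew described in this report can be checked exhaustively by enumerating every id. The following is an added example, not code from the report or from the NextGen repository: a Python model of the getWord branch. It assumes the caller passes ids drawn uniformly from 0..99, uses a constructed placeholder list in which only "Acai" and "Watermelon" come from the report, and treats direct indexing as one possible correction.

```python
from collections import Counter

# Constructed stand-in for the 100-entry list: only the first and last names
# come from the report; the 98 middle entries are placeholders.
WORDS = ["Acai"] + [f"word{i}" for i in range(1, 99)] + ["Watermelon"]


def get_word_reported(word_id: int) -> str:
    """Mirror of the branch shown in the report."""
    if word_id == 0:
        return WORDS[word_id]
    return WORDS[word_id - 1]


def get_word_direct(word_id: int) -> str:
    """One possible correction (assumption): index the list directly."""
    return WORDS[word_id]


def audit_mapping(lookup, id_range=range(100)):
    """Enumerate every id and report skew in the id -> word mapping."""
    hits = Counter(lookup(i) for i in id_range)
    return {
        # words reachable from more than one id (biased upwards)
        "over_represented": {w: n for w, n in hits.items() if n > 1},
        # words no id can ever select
        "unreachable": [w for w in WORDS if w not in hits],
    }


if __name__ == "__main__":
    for name, fn in (("reported", get_word_reported), ("direct", get_word_direct)):
        print(name, audit_mapping(fn))
```

Under the uniform-id assumption, the reported branch gives Acai a 2/100 chance, every middle word 1/100, and Watermelon 0/100.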