The PinkRuntime framework incorporates the pallet_insecure_randomness_collective_flip pallet for randomness generation, leads to an insecure approach to generate random values, which could potentially be manipulated or anticipated
Proof of Concept
The Randomness Collective Flip pallet utilizes the hashes of the previous 81 blocks to generate a random value.
This appraoch show above is less secure becasue the randomness depends on previous blocks which is predictable and is discouraged for use in production environments in rust docs
@> impl pallet_insecure_randomness_collective_flip::Config for PinkRuntime {}
Tools Used
Manual Review
Recommended Mitigation Steps
it is recommended to use more secure appraoch utilizing VRF from the Pallet Babe for randomness generation in PinkRuntime.
VRFs provide verifiably random outputs, which are difficult ro predict or influence.
Lines of code
https://github.com/code-423n4/2024-03-phala-network/blob/a01ffbe992560d8d0f17deadfb9b9a2bed38377e/phala-blockchain/crates/pink/runtime/src/runtime.rs#L33 https://github.com/code-423n4/2024-03-phala-network/blob/a01ffbe992560d8d0f17deadfb9b9a2bed38377e/phala-blockchain/crates/pink/runtime/src/runtime.rs#L101
Vulnerability details
Impact
The PinkRuntime framework incorporates the
pallet_insecure_randomness_collective_flip
pallet for randomness generation, leads to an insecure approach to generate random values, which could potentially be manipulated or anticipatedProof of Concept
The Randomness Collective Flip pallet utilizes the hashes of the previous 81 blocks to generate a random value.
This appraoch show above is less secure becasue the randomness depends on previous blocks which is predictable and is discouraged for use in production environments in rust docs
Tools Used
Manual Review
Recommended Mitigation Steps
it is recommended to use more secure appraoch utilizing VRF from the
Pallet Babe
for randomness generation in PinkRuntime. VRFs provide verifiably random outputs, which are difficult ro predict or influence.References
Rust Docs - Insecure Randomness Generation
Polkadot Forum
1. Insecure Randomness Generation
Assessed type
Error