Open c4-bot-6 opened 5 months ago
jhsagd76 marked the issue as satisfactory
jhsagd76 marked the issue as confirmed for report
@jhsagd76 Issue M-05B very specifically targets the bug described in 578: the team meant to use the user's address for DNA generation but the code used the MergingPool address instead. This is not about randomness itself, it's simply about an implementation bug that deviates from what was planned. As report 578 points out in the Impact section: "This inconsistency may lead to unexpected behavior."
Discussions about DNA randomness belong to M-05A. Otherwise why would the issue be split in two? I think that M-05B is mitigated.
The sentence in #578 says "This inconsistency may lead to unexpected behavior.", but it doesn't describe this behavior. The only unexpected behavior I saw was that dna combinations space was too little. The consequence is that if the dna combinations space is too little, it is easy to forecast it. According to this, the unexpected behaviors are the same as described in M-05A. I think the discussions were split because the root causes were different, but they both involve bad randomness and a malicious user who can exploit it.
Per request from the judge @jhsagd76 here, updating the labels on this issue accordingly.
If possible, the best approach would be to include both #5 and #18 in the report. This is because #5 is the best among all reports related to M-MR-05, and #18 supplements it with details about the issue of random number prediction in the original contest https://github.com/code-423n4/2024-02-ai-arena-findings/issues/1017.
Lines of code
https://github.com/ArenaX-Labs/2024-02-ai-arena-mitigation/blob/setUpAirdrop-mitigation/src/FighterFarm.sol#L366
Vulnerability details
Lines of code
Old lines of code
https://github.com/code-423n4/2024-02-ai-arena/blob/cd1a0e6d1b40168657d1aaee8223dc050e15f8cc/src/FighterFarm.sol#L324
Mitigated lines of code
https://github.com/ArenaX-Labs/2024-02-ai-arena-mitigation/blob/setUpAirdrop-mitigation/src/FighterFarm.sol#L366
Vulnerability details
The issue was reported in #578 and #1017.
The vulnerability is inside FighterFarm.mintFromMergingPool():
This function can be called only by the merging pool contract. This means that msg.sender must be _mergingPoolAddress. However, msg.sender is also used as dna parameter of _createNewFighter() (line L324).
Impact: Even if an attacker can't exploit this bad randomness to obtain better fighters, players could forecast the attributes of fighters that will be created in the future, due to the bad randomness caused by this issue.
Recommended Mitigation proposed by wardens
The mitigation proposal is to replace msg.sender in line L324 with the address to, that should represent the player who calls MergingPool.claimRewards():
This solution was implemented by the Ai Arena team
Comment about the Mitigation Proposal
This finding belongs to a group of issues that reported the low randomness of dna. Two of the most important are #53 and #519. The root cause is that msg.sender can be a bad source of randomness because an attacker could create a malicious contract at the wanted address using, for example, Create2.
In the case above, before the mitigation, nobody could exploit the vulnerability, because the msg.sender value was always the _mergingPoolAddress. After the mitigation, the dna of the new fighter relies on the caller's address. So, the mitigation could introduce the possibility of manipulating the msg.sender address and obtaining wanted attributes.
Attack vector
Let's think that before the current round, fighters.length in FighterFarm.sol is 0. Eve locally tries many combinations and finds that the tuple (address_E, fighters.length=3) permits creating a very rare fighter. Eve can forecast this because she can exploit the line FighterFarm.sol#214:
to obtain dna and then use its value to precompute the new fighter's physical attributes:
Now, Eve creates a new contract at address_E and tries to win the current round (for example using a new fighter redeemed with a mint pass). If she wins, she could call MergingPool.claimRewards() just after someone else has obtained the fighter number 3 (in other words, when fighters.length=3).
We know this attack vector could be hard to perform, but we have to report the consequences of mitigation. To solve the bad randomness introduced by this mitigation, we propose to implement something like FighterFarm.redeemMintPass() where the dna is obtained from an external source (for example, from a backend server) and cannot be manipulated by the caller.
Conclusions
In conclusion, the proposed mitigation solves the initial bad randomness due to too little dna combinations space. However, it doesn't solve the issue reported by #1017: The malicious user can still forecast the outcome fighter attributes and claim the MergingPool reward when it is more convenient for him/her. Furthermore, it introduces the possibility to manipulate the msg.sender value to obtain a wanted dna and, so, a fighter with wanted valuable and rare attributes. We are going to report this comment as "unmitigated" and the attack vector above as a "new finding".
Assessed type
Other
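The direction proposed in the report above (dna obtained from an external source such as a backend server, so the caller cannot manipulate it) could be enforced on-chain as sketched below. This is an added example, not code from FighterFarm.sol or from the Ai Arena team; SignedDnaMinter, dnaSigner, nonces, fighterDna and mintWithSignedDna are hypothetical names, and it assumes the backend signs only for eligible winners.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.13;

/// Added illustration; not part of the audited code base. All names are hypothetical.
contract SignedDnaMinter {
    address public immutable dnaSigner;         // backend key that chooses the dna
    mapping(address => uint256) public nonces;  // per-recipient replay counter
    uint256[] public fighterDna;                // stand-in for the fighters array

    // Half of the secp256k1 group order; a larger s is a malleable twin signature.
    uint256 private constant HALF_N =
        0x7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF5D576E7357A4501DDFE92F46681B20A0;

    constructor(address signer) {
        require(signer != address(0), "signer unset");
        dnaSigner = signer;
    }

    /// Mints with a dna the backend signed for exactly this recipient and nonce.
    /// Neither msg.sender nor the array length feeds into the dna value.
    function mintWithSignedDna(address to, uint256 dna, uint8 v, bytes32 r, bytes32 s)
        external
        returns (uint256 fighterId)
    {
        require(uint256(s) <= HALF_N, "malleable signature");
        require(v == 27 || v == 28, "bad v");

        // Bind the signature to chain, contract, recipient and a one-time nonce.
        bytes32 payload = keccak256(
            abi.encode(block.chainid, address(this), to, nonces[to], dna)
        );
        bytes32 digest = keccak256(
            abi.encodePacked("\x19Ethereum Signed Message:\n32", payload)
        );
        address recovered = ecrecover(digest, v, r, s);
        require(recovered != address(0) && recovered == dnaSigner, "bad signature");

        nonces[to] += 1;              // consume the nonce so the dna cannot be replayed
        fighterId = fighterDna.length;
        fighterDna.push(dna);
    }
}
```

The contract only guarantees that the dna came from the signer; the backend still has to issue a single dna per recipient and nonce, otherwise a caller could keep requesting signatures until a preferred value appears.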