Open c4-bot-6 opened 7 months ago
jhsagd76 marked the issue as satisfactory
jhsagd76 marked the issue as duplicate of #16
Per request from the judge @jhsagd76 here, updating the labels on this issue accordingly.
jhsagd76 marked the issue as nullified
Since the issue does not explicitly mention a new exploit path, it will be treated as a part of un-mitigation of M-05, not as a duplicate.
BTW, I think I also should remove the dup label and re-mark it as unmitigated.
jhsagd76 marked the issue as not a duplicate
jhsagd76 marked the issue as unmitigated
jhsagd76 marked the issue as satisfactory
Lines of code
https://github.com/ArenaX-Labs/2024-02-ai-arena-mitigation/blob/d81beee0df9c5465fe3ae954ce41300a9dd60b7f/src/FighterFarm.sol#L424
Vulnerability details
Impact
The best out of the entire sequence of reroll results can be selected, instead of having to take a chance at each reroll attempt.
Proof of Concept
The DNA is set in FighterFarm.reRoll() as uint256(keccak256(abi.encode(tokenId, numRerolls[tokenId]))). This means that the user can calculate the outcomes of all reroll attempts in advance and choose the best one by rerolling until that reroll. This means that it is no longer a reroll but a random sample of fighters offered to the user, from which he can select the best one.
Recommended Mitigation Steps
The next reroll must not be determined from currently knowable values. This can be achieved by having the admin provide the randomness after a reroll request by the user. This randomness can be in the form of blockhash(block.number - 1) set on the admin call.
Assessed type
Other
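A sketch of the two-step reroll recommended in the report above, added here as an illustration; it is not code from the ArenaX-Labs repository or from the warden. Only numRerolls and the DNA expression come from the report. The contract name, the simplified ownership mapping, mint, requestReroll, fulfillReroll and the "later block" check are assumptions made for the example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

/// Added illustration. Names other than numRerolls are hypothetical.
contract RerollSketch {
    address public immutable admin;
    mapping(uint256 => address) public ownerOf;      // simplified ownership (assumption)
    mapping(uint256 => uint8) public numRerolls;
    mapping(uint256 => uint256) public dna;
    mapping(uint256 => uint256) public requestedAt;  // block of the pending request, 0 = none

    event RerollRequested(uint256 indexed tokenId, uint8 rerollIndex);

    constructor() { admin = msg.sender; }

    function mint(uint256 tokenId) external {
        require(ownerOf[tokenId] == address(0), "exists");
        ownerOf[tokenId] = msg.sender;
    }

    // The derivation quoted in the report: both inputs are known before the
    // call, so every future outcome can be evaluated off-chain in advance.
    function predictableDna(uint256 tokenId, uint8 n) public pure returns (uint256) {
        return uint256(keccak256(abi.encode(tokenId, n)));
    }

    // Step 1: the owner commits to a reroll. No DNA is derived here, and the
    // request cannot be withdrawn once the outcome becomes visible.
    function requestReroll(uint256 tokenId) external {
        require(msg.sender == ownerOf[tokenId], "not owner");
        require(requestedAt[tokenId] == 0, "already pending");
        numRerolls[tokenId] += 1;
        requestedAt[tokenId] = block.number;
        emit RerollRequested(tokenId, numRerolls[tokenId]);
    }

    // Step 2: the admin finalises in a later block, mixing in
    // blockhash(block.number - 1) as the report suggests. Requiring a later
    // block means that hash did not exist yet when the request was made.
    function fulfillReroll(uint256 tokenId) external {
        require(msg.sender == admin, "not admin");
        uint256 at = requestedAt[tokenId];
        require(at != 0 && block.number > at, "not ready");
        requestedAt[tokenId] = 0;
        bytes32 entropy = blockhash(block.number - 1);
        dna[tokenId] = uint256(keccak256(abi.encode(tokenId, numRerolls[tokenId], entropy)));
    }
}
```

With this shape the user no longer controls the entropy, but the admin chooses the block in which fulfillReroll lands, so the design still relies on the admin not selecting favourable blocks.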