fravoll / solidity-patterns

A compilation of patterns and best practices for the smart contract programming language Solidity
https://fravoll.github.io/solidity-patterns/
MIT License

Is the sealedSeed in Randomness contract secure? #17

Closed simontianx closed 3 years ago

simontianx commented 3 years ago

Hey, one concern I had about the contract sample in your article is that the state variable bytes32 sealedSeed; is stored in the first slot of the contract storage. Isn't this easily accessed by the web3.eth.getStorageAt(contractAddr, 0) function? A malicious attacker can read the seed and make a sure bet.
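The storage-visibility question raised above, as an added example that is not part of the issue thread or the repository's contract: a toy model in which slot 0 is readable by anyone, comparing a slot that holds a raw seed with one that holds only a hash commitment to the seed. Assumptions: sha256 stands in for Solidity's keccak256 so the code runs offline, and `ToyContract`, `storeRawSeed`, `storeCommitment`, `reveal` and `seedGuessableFrom` are hypothetical names with constructed values.

```javascript
// Added illustration; sha256 stands in for keccak256. All names and values are constructed.
const { createHash, randomBytes } = require('crypto');

// Hash the concatenation of the given buffers, hex-encoded.
const h = (...parts) =>
  createHash('sha256').update(Buffer.concat(parts)).digest('hex');

// Toy model of contract storage: every slot is readable by anyone, which is
// what web3.eth.getStorageAt(contractAddr, 0) gives an outside observer.
class ToyContract {
  constructor() { this.slots = []; }
  getStorageAt(i) { return this.slots[i]; }
}

// Design A (hypothetical): the raw seed itself sits in slot 0.
function storeRawSeed(contract, seed) { contract.slots[0] = seed.toString('hex'); }

// Design B (hypothetical): slot 0 holds only a commitment H(sender || seed).
function storeCommitment(contract, sender, seed) { contract.slots[0] = h(sender, seed); }

// Reveal step for design B: accept a seed only if it matches the commitment.
function reveal(contract, sender, seed) {
  return h(sender, seed) === contract.getStorageAt(0);
}

// Defender's check: does the public slot value match any seed from a small
// candidate set? Returns the matching seed as hex, or null.
function seedGuessableFrom(slotValue, sender, candidates) {
  const hit = candidates.find((cand) => h(sender, cand) === slotValue);
  return hit ? hit.toString('hex') : null;
}

const sender = Buffer.from('constructed-owner-address');
const strongSeed = randomBytes(32);              // 256 bits of entropy
const weakSeed = Buffer.from([7]);               // one byte: only 256 possibilities
const oneByteSeeds = Array.from({ length: 256 }, (_, i) => Buffer.from([i]));

const rawC = new ToyContract(); storeRawSeed(rawC, strongSeed);
const commitC = new ToyContract(); storeCommitment(commitC, sender, strongSeed);
const weakC = new ToyContract(); storeCommitment(weakC, sender, weakSeed);

console.log('raw slot equals seed:', rawC.getStorageAt(0) === strongSeed.toString('hex'));
console.log('commitment slot equals seed:', commitC.getStorageAt(0) === strongSeed.toString('hex'));
console.log('reveal accepted:', reveal(commitC, sender, strongSeed));
console.log('strong seed guessable:', seedGuessableFrom(commitC.getStorageAt(0), sender, oneByteSeeds));
console.log('weak seed guessable:', seedGuessableFrom(weakC.getStorageAt(0), sender, oneByteSeeds));
```

In this model a commitment keeps the seed hidden only when the seed is drawn from a space too large to enumerate; the one-byte seed is recovered from the public slot value alone.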