Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Insecure randomness in getPseudoRand(uint256 modulus){} function #60

Closed
code423n4 opened this issue May 11, 2021 · 1 comment
Closed

Insecure randomness in getPseudoRand(uint256 modulus){} function #60

code423n4 opened this issue May 11, 2021 · 1 comment
Labels
2 (Med Risk) Acknowledged bug Something isn't working

Comments

@code423n4
Copy link
Contributor

Handle

JMukesh

Vulnerability details

Impact

insecure randomness due to a modulo on block.timestamp, now or blockhash. These can be influenced by miners to some extent so they should be avoided

Proof of Concept

https://github.com/code-423n4/2021-05-nftx/blob/main/nftx-protocol-v2/contracts/solidity/NFTXVaultUpgradeable.sol#L418

Tools Used

slither

Recommended Mitigation Steps

use chainlink vrf
@code423n4 code423n4 added 2 (Med Risk) bug Something isn't working labels May 11, 2021
code423n4 added a commit that referenced this issue May 11, 2021
@code423n4
JMukesh issue #60
5ba3e3e
@0xKiwi 0xKiwi closed this as completed May 21, 2021
@cemozerr
Copy link
Collaborator

Duplicate of #78

@cemozerr cemozerr marked this as a duplicate of #78 May 25, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
2 (Med Risk) Acknowledged bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@0xKiwi @cemozerr @code423n4