03. CoinFlip

r1oga edited this page Oct 28, 2022 · 1 revision

Target

Guess the correct outcome 10 times in a row.

Weakness

The contract tries to create randomness by relying on blockhashes, block number and a given FACTOR. This data isn't secret:

  • blockhash() and block.number are global variables in Solidity
  • the FACTOR used to compute the coinFlip value is public and can be reused by the attacker

Solidity Concepts

  • blockhash(uint blockNumber) returns (bytes32): hash of the given block - only works for 256 most recent blocks
  • block.number (uint): current block number

Hack

Deploy an attacker contract.

  1. The attacker contract computes the blockValue by using the block.number and blockhash() global variables.
  2. As FACTOR is known, the attacker contract can compute coinFlip and side.
  3. Pass the right side argument to the original flip function that we call from the attacker contract.
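
To see why the outcome is predictable, here is an off-chain Python model of the computation described above. It is an added example, not code from this wiki or from the level's contract. Assumptions: FACTOR is 2**255, the hash used is that of the previous block, and the names Chain, CoinFlipModel, derive_side and observer_streak are hypothetical; the block hashes are constructed sample data.

```python
import hashlib

# Assumption: FACTOR = 2**255, so a 256-bit block hash divided by it gives 0 or 1.
FACTOR = 2**255


def sample_hash(n):
    """Constructed sample block hash (not real chain data)."""
    return hashlib.sha256(b"constructed-block-%d" % n).digest()


class Chain:
    """Toy chain: every value below is readable by any contract or observer."""
    def __init__(self, height):
        self.number = height  # block.number of the block being executed
        self.hashes = {n: sample_hash(n) for n in range(height)}

    def blockhash(self, n):
        # Zero for the current block and for anything older than 256 blocks.
        if n >= self.number or n < self.number - 256:
            return bytes(32)
        return self.hashes[n]

    def mine(self):
        self.hashes[self.number] = sample_hash(self.number)
        self.number += 1


def derive_side(chain, offset=1):
    """The 'random' side, as any code running in the same block computes it."""
    block_value = int.from_bytes(chain.blockhash(chain.number - offset), "big")
    return block_value // FACTOR == 1


class CoinFlipModel:
    def __init__(self, chain):
        self.chain, self.consecutive_wins = chain, 0

    def flip(self, guess):
        win = guess == derive_side(self.chain)
        self.consecutive_wins = self.consecutive_wins + 1 if win else 0
        return win


def observer_streak(rounds=10, height=300):
    chain = Chain(height)
    game = CoinFlipModel(chain)
    for _ in range(rounds):
        game.flip(derive_side(chain))  # same public inputs, same result
        chain.mine()                   # next block, new hash
    return game.consecutive_wins
```

The model also shows the 256-block limit: once blockhash() returns zero, the derived side is always false, so a stale or current block number makes the value constant rather than merely predictable.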

Takeaways

There’s no true randomness on the Ethereum blockchain, only "pseudo-randomness", i.e. random generators that are considered “good enough”. There currently isn't a native way to generate true randomness in the EVM.
Everything used in smart contracts is publicly visible, including the local variables and state variables marked as private.
Miners also have control over things like blockhashes, timestamps, and whether to include certain transactions - which allows them to bias these values in their favor.