Description
Lines of code
Vulnerability details
Details & Impact
In Paradigm’s article “A Guide to Designing Effective NFT Launches”, one of the desirable properties of an NFT launch is unexploitable fairness: Launches must have true randomness to ensure that predatory users cannot snipe the rarest items at the expense of less sophisticated users.
It is therefore highly recommended to use a good source of entropy when generating the starting index. The block.number is not random at all: it only increases by one per block, so anyone can compute in advance the starting indexes for, say, the next 10,000 blocks.
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Demonstrates the predictability: block.number is known for every future
// block, so the "random" starting index can be tabulated ahead of time.
contract FortuneTeller {
    function predictStartingIndexes(uint256 maxSupply, uint256 numBlocks)
        external
        view
        returns (uint256[] memory startingIndexes)
    {
        startingIndexes = new uint256[](numBlocks);
        for (uint256 i = 0; i < numBlocks; ++i) {
            // Same derivation as the collection: hash of a constant and block.number,
            // reduced modulo maxSupply and shifted into [1, maxSupply].
            startingIndexes[i] =
                (uint256(keccak256(abi.encodePacked("CoreCollection", block.number + i))) % maxSupply) + 1;
        }
    }
}

Coupled with the fact that the _baseUri is set upon initialization, the metadata could be scraped beforehand to determine the rare NFTs.
Thus, NFT mints can be gamed / exploited.
Recommended Mitigation Steps
Consider exploring the use of commit-reveal schemes (e.g. the blockhash of a future block, which is less gameable but not foolproof) or VRFs.
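The following contract is an added illustration of the recommended commit-reveal approach and is not the audited project's code; the contract and function names (RevealSeed, commit, reveal, predictableStartingIndex) are assumptions for this example. It places the report's block.number-based derivation next to one that commits to a future block first and only reads its hash after it has been mined, including the 256-block window in which blockhash() is available.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added example (assumed names), not the project's implementation.
contract RevealSeed {
    uint256 public immutable maxSupply;
    uint256 public revealBlock;    // future block whose hash seeds the index
    uint256 public startingIndex;  // 0 until revealed, then in [1, maxSupply]

    constructor(uint256 _maxSupply) {
        maxSupply = _maxSupply;
    }

    // Weak pattern from the report: block.number is not random and the index
    // for any future block can be computed ahead of time.
    function predictableStartingIndex() external view returns (uint256) {
        return (uint256(keccak256(abi.encodePacked("CoreCollection", block.number))) % maxSupply) + 1;
    }

    // Step 1 (commit): fix a block in the future before its hash exists.
    // Whoever commits cannot know the hash of a block that is not mined yet.
    function commit(uint256 blocksAhead) external {
        require(revealBlock == 0, "already committed");
        require(blocksAhead > 0, "seed block must be in the future");
        revealBlock = block.number + blocksAhead;
    }

    // Step 2 (reveal): once the committed block is mined, derive the index
    // from its hash. blockhash() returns 0 for blocks older than the most
    // recent 256, so a late reveal must not silently use a zero hash
    // (that would make the index fully predictable again).
    function reveal() external {
        require(revealBlock != 0, "not committed");
        require(block.number > revealBlock, "seed block not mined yet");
        require(startingIndex == 0, "already revealed");
        bytes32 seed = blockhash(revealBlock);
        if (seed == bytes32(0)) {
            // Reveal window missed: fall back to the latest available hash.
            // Still not foolproof: the caller picks when to send this tx.
            seed = blockhash(block.number - 1);
        }
        startingIndex = (uint256(keccak256(abi.encodePacked("CoreCollection", seed))) % maxSupply) + 1;
    }
}
```

The fallback branch keeps the reveal from producing a constant index, but as the report notes a block-producer or a caller choosing the reveal timing can still influence the outcome, which is why a VRF is the stronger option.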