kleros · unknownunknown1 · Sep 5, 2022 · Aug 31, 2022 · Sep 1, 2022 · Sep 1, 2022
diff --git a/contracts/standard/rng/BeaconRNG.sol b/contracts/standard/rng/BeaconRNG.sol
@@ -1,6 +1,6 @@
  /**
- *  @authors: [@shalzz]
- *  @reviewers: [@jaybuidl]
+ *  @authors: [@shalzz, @unknownunknown1]
+ *  @reviewers: [@jaybuidl*, @geaxed*]
  *  @auditors: []
  *  @bounties: []
  *  @deployments: []
@@ -13,26 +13,48 @@ import "./RNG.sol";
 /**
  *  @title Random Number Generator using beacon chain random opcode
  */
-contract BeaconRNG is RNG {
+contract BeaconRNG {
+
+    uint public constant LOOKAHEAD = 132; // Number of blocks that has to pass before obtaining the random number. 4 epochs + 4 slots, according to EIP-4399.
+    uint public constant ERROR = 32; // Number of blocks after which the lookahead gets reset, so eligible blocks after lookahead don't go long distance, to avoid a possiblity for manipulation.
 
-    /**
-     * @dev Since we don't really need to incentivise requesting the beacon chain randomness,
-     * this is a stub implementation required for backwards compatibility with the
-     * RNG interface.
-     * @notice All the ETH sent here will be lost forever.
-     * @param _block Block the random number is linked to.
+    RNG public blockhashRNG; // Address of blockhashRNG to fall back on.
+
+    /** @dev Constructor.
+     * @param _blockhashRNG The blockhash RNG deployed contract address.
      */
-    function contribute(uint _block) public payable {}
+    constructor(RNG _blockhashRNG) public {
+        blockhashRNG = _blockhashRNG;
+    }
 
+    /**
+     * @dev Request a random number. It is not used by this contract and only exists for backward compatibility.
+     */
+    function requestRN(uint /*_block*/) public pure {}
 
-    /** @dev Return the random number from the PoS randomness beacon.
-     *  @param _block Block the random number is linked to.
-     *  @return RN Random Number. If the PoS upgrade defined by EIP-3675
-     *          has not yet executed 0 instead.
+    /**
+     * @dev Get an uncorrelated random number.
+     * @param _block Block the random number is linked to.
+     * @return RN Random Number. If the number is not ready or has not been required 0 instead.
      */
-    function getRN(uint _block) public returns (uint RN) {
-        if (block.difficulty <= 2**64)
-            return 0;
-        return block.difficulty;
+    function getUncorrelatedRN(uint _block) public returns (uint) {
+        // Pre-Merge.
+        if (block.difficulty <= 2**64) {
+            uint baseRN = blockhashRNG.getRN(_block);
+            if (baseRN == 0) {
+                return 0;
+            } else {
+                return uint(keccak256(abi.encodePacked(msg.sender, baseRN)));
+            }
+        // Post-Merge.
+        } else {
+            if (block.number > _block && (block.number - _block) % (LOOKAHEAD + ERROR) > LOOKAHEAD) {
+                // Eligible block number should exceed LOOKAHEAD but shouldn't be higher than LOOKAHEAD + ERROR.
+                // In case of the latter LOOKAHEAD gets reset.  
+                return uint(keccak256(abi.encodePacked(msg.sender, block.difficulty)));
+            } else {
+                return 0;
+            }
+        }
     }
 }
diff --git a/contracts/standard/rng/BeaconRNGFallback.sol b/contracts/standard/rng/BeaconRNGFallback.sol