From 2ca5b6b62d8870be5cec4adbfe662aaefd8cb6b5 Mon Sep 17 00:00:00 2001
From: Shargon <shargon@gmail.com>
Date: Tue, 15 Oct 2019 10:59:46 +0200
Subject: [PATCH] Improve the random security (#1145)

* Remove global randoms

* Wallet

* Optimize

* Use random class

* Revert wallet
---
 neo/Consensus/ConsensusContext.cs     | 2 +-
 neo/Network/RPC/TransactionManager.cs | 6 +++---
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/neo/Consensus/ConsensusContext.cs b/neo/Consensus/ConsensusContext.cs
index ddbf6caeea..463bdc0407 100644
--- a/neo/Consensus/ConsensusContext.cs
+++ b/neo/Consensus/ConsensusContext.cs
@@ -42,7 +42,6 @@ internal class ConsensusContext : IDisposable, ISerializable
         private int _witnessSize;
         private readonly Wallet wallet;
         private readonly Store store;
-        private readonly Random random = new Random();
 
         public int F => (Validators.Length - 1) / 3;
         public int M => Validators.Length - F;
@@ -266,6 +265,7 @@ internal void EnsureMaxBlockSize(IEnumerable<Transaction> txs)
 
         public ConsensusPayload MakePrepareRequest()
         {
+            var random = new Random();
             byte[] buffer = new byte[sizeof(ulong)];
             random.NextBytes(buffer);
             Block.ConsensusData.Nonce = BitConverter.ToUInt64(buffer, 0);
diff --git a/neo/Network/RPC/TransactionManager.cs b/neo/Network/RPC/TransactionManager.cs
index 7b4db697ab..d4a651fd78 100644
--- a/neo/Network/RPC/TransactionManager.cs
+++ b/neo/Network/RPC/TransactionManager.cs
@@ -1,4 +1,4 @@
-using Neo.Cryptography.ECC;
+using Neo.Cryptography.ECC;
 using Neo.IO;
 using Neo.Network.P2P.Payloads;
 using Neo.Network.RPC.Models;
@@ -15,7 +15,6 @@ namespace Neo.Network.RPC
     /// </summary>
     public class TransactionManager
     {
-        private static readonly Random rand = new Random();
         private readonly RpcClient rpcClient;
         private readonly UInt160 sender;
 
@@ -50,11 +49,12 @@ public TransactionManager(RpcClient rpc, UInt160 sender)
         /// <returns></returns>
         public TransactionManager MakeTransaction(byte[] script, TransactionAttribute[] attributes = null, Cosigner[] cosigners = null, long networkFee = 0)
         {
+            var random = new Random();
             uint height = rpcClient.GetBlockCount() - 1;
             Tx = new Transaction
             {
                 Version = 0,
-                Nonce = (uint)rand.Next(),
+                Nonce = (uint)random.Next(),
                 Script = script,
                 Sender = sender,
                 ValidUntilBlock = height + Transaction.MaxValidUntilBlockIncrement,