Forwarded from crypto eli5
randomness in ethereum
it’s impossible to produce truly random numbers on ethereum, as the available entropy is limited to a few block parameters. these parameters may be unknown to the user beforehand, but they are known during a chained contract call and can easily be read and manipulated by a miner.
one way to tell an ordinary address from a contract is to look up the code field: if it’s not empty, it’s a contract. there is one caveat though: no code is returned for a contract that’s just being deployed and initialized, and its constructor can do whatever a contract can do.
this was exploited to bump up the chance of winning a random reward in the fomo3d ponzi game from 0.5% to a guaranteed 100%. the attacker took the random function directly from the game contract and wrote a simple contract that would:
1. check if there is enough ether in the reward pool
2. generate a “random number”, which will be the same from the game’s perspective
3. check if the deposit will win with that number
4. send ether and withdraw the reward
5. self destruct and send all proceeds back to the attacker
this could’ve been mitigated by checking that there was no intermediate caller:
require(msg.sender == tx.origin). this is still a terrible idea, because contracts shouldn’t be barred from calling other contracts, as there are a lot of legitimate cases like multisig wallets.
https://www.reddit.com/r/ethereum/comments/916xni/how_to_pwn_fomo3d_a_beginners_guide/
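to make the three points above concrete, here is an added illustration (not the fomo3d code, and not from the post’s author): a small reward contract whose seed is built only from block parameters, the code-field check with the constructor gap called out, and the msg.sender == tx.origin check with the multisig caveat. the contract name, the 0.5% threshold and the minimum deposit are constructed for the example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.18;

// added illustration, not the fomo3d code: a reward pool whose "randomness"
// comes only from block parameters, plus the two caller checks from the post.
contract BlockParamReward {
    // constructed odds: seed in [0, 1000), win when seed < 5  ->  0.5%
    uint256 public constant WIN_THRESHOLD = 5;
    uint256 public constant MIN_DEPOSIT = 0.1 ether; // constructed value

    // everything hashed here is identical for every call in the same block:
    // block.prevrandao is fixed before the block's transactions run, and
    // msg.sender is chosen by the caller. any contract that runs this same
    // computation inside the same transaction therefore knows the outcome
    // before it decides whether to deposit. a miner/builder can additionally
    // steer timestamp and gaslimit within protocol limits.
    function seed() public view returns (uint256) {
        return uint256(keccak256(abi.encodePacked(
            block.timestamp,
            block.prevrandao,
            block.coinbase,
            block.gaslimit,
            block.number,
            msg.sender
        ))) % 1000;
    }

    function wins() public view returns (bool) {
        return seed() < WIN_THRESHOLD;
    }

    // check 1: "look up the code field". true for a deployed contract, false
    // for an ordinary address, and ALSO false while a contract's constructor
    // is still executing, because runtime bytecode is only stored at the end
    // of creation. that gap is exactly what the post describes, so this check
    // on its own does not keep contracts out.
    function hasCode(address a) public view returns (bool) {
        return a.code.length > 0;
    }

    // check 2: no intermediate caller. closes the constructor gap, but it
    // also rejects every contract wallet (multisigs and similar), which is
    // why the post calls it a terrible idea. shown for comparison only.
    function isDirectCall() public view returns (bool) {
        return msg.sender == tx.origin;
    }

    function deposit() external payable {
        require(msg.value >= MIN_DEPOSIT, "deposit too small");
        require(!hasCode(msg.sender), "humans only");   // bypassable from a constructor
        // require(isDirectCall(), "no intermediaries"); // closes the gap, breaks multisigs

        if (wins()) {
            // pays out the whole pool. because seed() is predictable, a caller
            // that evaluated wins() first only deposits when this branch is
            // guaranteed, which is how 0.5% becomes 100%.
            (bool ok, ) = msg.sender.call{value: address(this).balance}("");
            require(ok, "payout failed");
        }
    }

    // lets the pool be funded directly
    receive() external payable {}
}
```

note that both checks target the caller rather than the seed: even with the tx.origin line enabled, seed() is still computed from values a miner controls, so the first sentence of the post is the real lesson and the caller checks only narrow who can exploit it.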