After reading this SWC https://swcregistry.io/docs/SWC-120 I was curious how we can predict the blockhash of the next block. Because in the second example, it is saying the contract is vulnerable to bad randomness
It is impossible to predict the block hash of the next block.
- A random miner will take from the mempool any transactions he likes and put them in any order in the block. So, multiple miners may end up with different block configurations.
- Each miner is free to try whatever nonce they want and play around with some of the values of the block header, like the timestamp, which is set by the miner; they have some room to add any timestamp they want that is within a reasonable time (a few seconds less or a few seconds more than the current timestamp).
- The keccak256 hash of the header of the block, as with any other good hashing algorithm, cannot be predicted. So in order for the miner to know what the keccak256 hash of his block will be, he needs to actually calculate the keccak256 of his block.
But the miner that mines a block is able to see the block hash of his block before anybody else, which allows him, in theory, to launch an attack on a smart contract that is using the block hash of the next block to provide some profit to somebody.
Maybe it is more rewarding for a miner to act honestly, but if the profits of launching an attack are way higher than the reward that the block provides, especially if their block will not be affected by the attack, then they may launch an attack.
I would suggest not relying on the block hash as a source of randomness. Better to use something like Chainlink VRF for that.
Jeremy Then
old_blockhash.sol – FaizanNehal Sep 03 '22 at 22:48
hash = 0x00 and waiting 256 blocks. The blockhash for blocks older than this is always 0x00 so easy win – 0xSanson Sep 03 '22 at 23:00
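The settle-later pattern behind the "waiting 256 blocks" comment, as an added example that is not code from the question, the answer or the SWC registry: the weak settlement accepts a zero hash once the target block has aged out of the 256-block window, and the hardened settlement refuses it. Contract and function names (GuessHashGame, commit, settleWeak, settle) are illustrative.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added example (hypothetical contract, not the SWC-120 sample itself).
contract GuessHashGame {
    struct Guess { bytes32 hash; uint256 blockNumber; }
    mapping(address => Guess) public guesses;

    // Player commits a guess; it is judged against the hash of the *next* block.
    function commit(bytes32 hash) external payable {
        require(msg.value == 1 ether, "stake 1 ether");
        guesses[msg.sender] = Guess(hash, block.number + 1);
    }

    // Weak version (kept only to show the defect): blockhash() returns 0 for
    // any block more than 256 blocks back, so a guess of 0x00 settled after
    // that window always matches.
    function settleWeak() external {
        Guess memory g = guesses[msg.sender];
        require(block.number > g.blockNumber, "target block not mined yet");
        delete guesses[msg.sender];
        if (g.hash == blockhash(g.blockNumber)) payable(msg.sender).transfer(2 ether);
    }

    // Hardened version: refuse to settle once the target hash is out of the
    // window blockhash() can serve, and never treat a zero hash as a target.
    function settle() external {
        Guess memory g = guesses[msg.sender];
        require(g.blockNumber != 0, "no open guess");
        require(block.number > g.blockNumber, "target block not mined yet");
        require(block.number - g.blockNumber <= 256, "guess expired: hash unavailable");
        bytes32 target = blockhash(g.blockNumber);
        require(target != bytes32(0), "block hash unavailable");
        delete guesses[msg.sender];
        if (g.hash == target) payable(msg.sender).transfer(2 ether);
    }
}
```

These checks close only the stale-hash defect; the target is still the value the block producer sees first, which is the risk the answer describes, so its recommendation of an external randomness source such as Chainlink VRF stands.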