What is meant by Blockhash Minus-256 Problem?
I am reading an article at:
It talks about Blockhash Minus-256 problem but does not explain much about it. As a result I can’t understand this problem.
Please guide me.
Asked
Active
Viewed 556 times
1 Answers
1
It is talking about only the last 256 blocks being available to the contract, see https://solidity.readthedocs.io/en/v0.6.8/units-and-global-variables.html#block-and-transaction-properties under blockhash.
There is a whole section about it in your article:
As mentioned earlier, the blockhash function is only defined for the previous 256 blocks. (In the non-immediate future, EIP-210 aims to change this.) Therefore, if the second step of the above protocol is performed too late (>256 blocks later) or too early (in the same transaction as the first step), the result (zero) of blockhash will be known to an attacker.
This was for example the case in the SmartBillions hack: https://www.reddit.com/r/ethereum/comments/74d3dc/smartbillions_lottery_contract_just_got_hacked/
Markus - soliditydeveloper.com
- 3,040
- 15
- 33
-
last 256 blocks are good because the result of blockhash will not be zero and henceforth not known to the attacker, why its regarded as a problem? – zak100 Jun 01 '20 at 23:57
-
1@zak100 Anything within 256 blocks is no problem. Maybe you are referring the the second part of the article with CryptoKitties trying to circumvent the issue by choosing a new block once the old one is not reachable? Which is like the author states exploitable with try-and-error method. The better solution is to let the player loose on expired blockhashes. – Markus - soliditydeveloper.com Jun 02 '20 at 00:06