Chainlink VRF

Chainlink VRF (Verifiable Random Function) is a provably fair and verifiable random number generator (RNG) that enables smart contracts to access random values without compromising security or usability^[1]. It is one of the many other oracle services that Chainlink provides.

Vulnerabilities

Integration of the service requires strict rules followed by developers. The most common mistakes:

Revert in fulfillRandomWords function^[2]. The service won't call the function again, so developers should ensure proper handling of the random value.
Possibility of user actions during the fulfillment^[3]. Users can see the randomness in the mempool and frontrun the service transaction.
Wrong number of block confirmations^[4]. Reorganizations can be quite common on some blockchains. For example, reorganizations in Polygon happen on a daily basis^[5].

[1] ttps://docs.chain.link/vrf

[2] ttps://docs.chain.link/vrf/v2/security#fulfillrandomwords-must-not-revert

[3] ttps://docs.chain.link/vrf/v2/security#dont-accept-bidsbetsinputs-after-you-have-made-a-randomness-request

[4] ttps://docs.chain.link/vrf/v2/security#choose-a-safe-block-confirmation-time-which-will-vary-between-blockchains

[5] ttps://polygonscan.com/blocks_forked

[1]

[2]

[3]

[4]

[5]

Chainlink VRF

Vulnerabilities

Navigation menu

Search