Weak Randomness
Randomness is considered weak if it can be predicted with non-negligible probability. Broadly speaking, whether a true source of randomness exists is still a matter of discussion[1][2] and has yet to be proved, so any application that requires randomness should choose a level of unpredictability it needs to maintain. In practice, most applications use the randomness built into the platform (such as crypto.randomBytes() in NodeJS[3]), which is sufficient.
Solidity
Smart contracts often need randomness to execute their logic fairly. Several solutions are commonly used:
- pseudorandomness from chain attributes
- decentralized services like Chainlink VRF
- commitment to an off-chain computation with a later reveal, which often requires a centralized party
- other schemes
Each method has its strengths. The most secure is Chainlink VRF, but it also requires a small payment for each request.
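As an added illustration (not code from this page), the first two options above side by side: a contract deriving its roll from chain attributes, and a minimal commit-reveal contract in which the seed is the XOR of secrets the participants committed to in advance. Contract and function names are made up for the example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Weak pattern: every input is public before the transaction lands,
/// and a block producer has some influence over timestamp and prior hash.
contract WeakRandom {
    function roll(uint256 sides) external view returns (uint256) {
        bytes32 h = keccak256(abi.encodePacked(block.timestamp, blockhash(block.number - 1)));
        return uint256(h) % sides;
    }
}

/// Commit-reveal: each participant commits keccak256(secret, sender) during
/// the commit window, reveals the secret afterwards, and the seed is the XOR
/// of all revealed secrets. Nobody learns the seed before committing.
/// Remaining caveat: the last revealer sees the partial seed and may withhold,
/// which is why real deployments add deposits that are forfeited on no-reveal.
contract CommitReveal {
    uint256 public immutable commitEnd; // last block in which commits are accepted
    uint256 public immutable revealEnd; // last block in which reveals are accepted
    mapping(address => bytes32) public commitments;
    mapping(address => bool) public revealed;
    uint256 public seed;

    constructor(uint256 commitBlocks, uint256 revealBlocks) {
        commitEnd = block.number + commitBlocks;
        revealEnd = commitEnd + revealBlocks;
    }

    function commit(bytes32 commitment) external {
        require(block.number <= commitEnd, "commit phase over");
        require(commitments[msg.sender] == bytes32(0), "already committed");
        commitments[msg.sender] = commitment;
    }

    function reveal(uint256 secret) external {
        require(block.number > commitEnd && block.number <= revealEnd, "not reveal phase");
        require(!revealed[msg.sender], "already revealed");
        // Binding msg.sender into the commitment stops one party replaying another's secret.
        require(keccak256(abi.encodePacked(secret, msg.sender)) == commitments[msg.sender], "bad reveal");
        revealed[msg.sender] = true;
        seed ^= secret;
    }

    function roll(uint256 sides) external view returns (uint256) {
        require(block.number > revealEnd, "reveal phase not over");
        return uint256(keccak256(abi.encodePacked(seed))) % sides;
    }
}
```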