Weak Sources of Randomness from Chain Attributes

From WEB3 Vulnerapedia

Using chain attributes such as block.timestamp, blockhash, and block.difficulty for randomness can seem like a good idea, since they often produce pseudo-random-looking values. The problem, however, is that Ethereum is entirely deterministic and all on-chain data is public. Chain attributes can be either predicted or manipulated, and should therefore never be used for random number generation.

A common solution is to use an oracle such as Chainlink VRF.

Prevrandao

The Merge of Ethereum replaced the old block.difficulty, which no longer applied to the proof-of-stake chain, with block.prevrandao, which exposes the Beacon chain's randomness to smart contract developers. See EIP-4399.

There are several caveats:

  • block.prevrandao is often not available on other EVM blockchains. Sometimes it is substituted with 0 or another value[1][2].
  • The value is the previous block's random value (current block - 1), because the randomness for the current block is still being produced[3].
  • It can be manipulated by validators: each malicious validator has one bit of influence on the final result[3].
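The one-bit-per-validator caveat above can be made concrete with a small model of RANDAO, the mechanism behind block.prevrandao. This is an added example, not part of the original page or of the Ethereum specification: the validator keys, the hash-based stand-in for the BLS reveal and the lottery size are constructed; the update rule (mix XOR hash(reveal)) and the propose-or-skip choice follow the beacon chain design.

```python
import hashlib
from itertools import product

# Constructed stand-ins: on the real beacon chain the reveal is the proposer's
# BLS signature over the epoch; here it is a hash of a made-up key and the slot.
HONEST_KEY = b"honest-validator"                 # constructed sample key
COLLUDING_KEYS = [b"val-A", b"val-B", b"val-C"]  # constructed sample keys
GENESIS_MIX = bytes(32)                          # all-zero starting mix

def reveal(validator_key: bytes, slot: int) -> bytes:
    """Deterministic stand-in for the proposer's randao_reveal."""
    return hashlib.sha256(validator_key + slot.to_bytes(8, "big")).digest()

def mix_in(prev_mix: bytes, rev: bytes) -> bytes:
    """RANDAO update rule: new_mix = prev_mix XOR hash(reveal)."""
    h = hashlib.sha256(rev).digest()
    return bytes(a ^ b for a, b in zip(prev_mix, h))

def advance(mix: bytes, proposer_key: bytes, slot: int, proposes: bool) -> bytes:
    """One slot. A skipped slot leaves the mix untouched: the proposer cannot
    choose the reveal (it is a signature), only whether to contribute it."""
    return mix_in(mix, reveal(proposer_key, slot)) if proposes else mix

def naive_winner(prevrandao: bytes, n_tickets: int) -> int:
    """What a vulnerable lottery contract does: uint256(block.prevrandao) % n."""
    return int.from_bytes(prevrandao, "big") % n_tickets

def reachable_winners(start_mix: bytes, colluding_keys, first_slot: int,
                      n_tickets: int) -> set:
    """Winners that k colluding consecutive proposers can steer towards.

    Each proposer chooses propose/skip independently, so at most 2**k distinct
    mixes (hence winners) are reachable; a contract reading block.prevrandao in
    the slot after them sees whichever mix they settled on.
    """
    winners = set()
    for choices in product((False, True), repeat=len(colluding_keys)):
        mix = start_mix
        for i, (key, proposes) in enumerate(zip(colluding_keys, choices)):
            mix = advance(mix, key, first_slot + i, proposes)
        winners.add(naive_winner(mix, n_tickets))
    return winners

if __name__ == "__main__":
    honest = advance(GENESIS_MIX, HONEST_KEY, 0, True)
    print("honest outcome:", naive_winner(honest, 100))
    steerable = reachable_winners(honest, COLLUDING_KEYS, 1, 100)
    print(f"{len(COLLUDING_KEYS)} colluding proposers can reach "
          f"{len(steerable)} of 100 tickets: {sorted(steerable)}")
```

The bias grows exponentially with the number of consecutive colluding proposers, which is why even block.prevrandao is unsuitable when the value at stake exceeds what a validator forfeits by skipping a slot.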

Sources

https://github.com/kadenzipfel/smart-contract-vulnerabilities/blob/master/vulnerabilities/weak-sources-randomness.md#weak-sources-of-randomness-from-chain-attributes

https://swcregistry.io/docs/SWC-120

https://ethereum.stackexchange.com/questions/419/when-can-blockhash-be-safely-used-for-a-random-number-when-would-it-be-unsafe

https://ethereum.stackexchange.com/questions/191/how-can-i-securely-generate-a-random-number-in-my-smart-contract

https://fravoll.github.io/solidity-patterns/randomness.html