Weak Sources of Randomness from Chain Attributes

From WEB3 Vulnerapedia
Jump to navigation Jump to search

Weak Sources of Randomness from Chain Attributes

Using chain attributes for randomness, e.g.: block.timestamp, blockhash, and block.difficulty can seem like a good idea since they often produce pseudo-random values. The problem however, is that Ethereum is entirely deterministic and all available on-chain data is public. Chain attributes can either be predicted or manipulated, and should thus never be used for random number generation.

A common solution is to use an oracle solution such as Chainlink VRF.


The Merge of Ethereum introduced a new opcode that replaced the old block.difficulty, which was no longer applicable to the chain. block.prevrandao allows smart contract developers to get the Beacon chain's randomness. See EIP-4399.

There are several caveats:

  • block.prevrandao is often not available on other EVM blockchains. Sometimes it is substituted with 0 or other value[1][2].
  • The number itself represents the previous random value (current block - 1) because the randomness for the current one is still being processed[3].
  • It can be manipulated by the validators. Each malicious validator has one bit of influence on the final result[3].