Weak Sources of Randomness from Chain Attributes
Weak Sources of Randomness from Chain Attributes
The ability to generate random numbers is highly useful in various types of applications. A clear example is betting DApps, where a pseudo-random number generator is used to select the winner. However, creating a strong source of randomness on Ethereum is very challenging. For instance, using block.timestamp is unsafe because a miner can choose any suitable timestamp within a few seconds and still have their block accepted by others. Using blockhash, block.difficulty, and other fields is also insecure because they are controlled by miners. If the betting amount is high, a miner can rent hardware to mine a large number of blocks in a short time, choose the block that contains the required block hash to win, and discard the other blocks.
The Importance and Challenges of Randomness in Smart Contracts
Randomness can be used in a wide range of smart contract applications, from games and betting to decentralized finance (DeFi) and lotteries. In such scenarios, achieving a fair and unpredictable random outcome is essential to maintaining integrity and fairness.
While implementing randomness in languages like Python and JavaScript is relatively simple, adding randomness to smart contracts securely poses significant challenges. According to the OWASP report, Insecure Randomness is identified as the ninth most common vulnerability in the "Top 10 Smart Contract Security Weaknesses" list.
The Ethereum Virtual Machine (EVM) and the Challenge of Random Number Generation
On Ethereum, the Ethereum Virtual Machine (EVM) is the execution environment for running smart contracts. The EVM uses a deterministic model, meaning that for a given input, the execution of a smart contract will always produce the same output. This feature is essential for maintaining the consistency and reliability of smart contracts on the blockchain.
In the EVM, transactions are replayed and verified by multiple nodes. If a smart contract includes a random number generator (RNG) function, it must produce exactly the same random number in every execution so that other nodes can validate the contract's behavior. However, this requirement conflicts with the basic principles of randomness, which, by definition, should always be unique and unpredictable.
Solution: Use of Pseudo-Random Number Generators (PRNG)
One approach to solving this problem is to use a pseudo-random number generator (PRNG), which, based on a private seed value and internal state, generates a set of bytes pseudo-randomly but deterministically. Developers can use the following block attributes for this purpose:
-
blockhash(uint blockNumber): Returns the hash of a given block (only works for the last 256 blocks). -
block.number: The current block number. -
block.coinbase: The address of the miner of the current block. -
block.timestamp: The timestamp of the current block in seconds since the Unix Epoch.
These methods help smart contracts generate pseudo-random values while maintaining verifiability within the network.
What is the Impact of Weak Sources of Randomness from Chain Attributes?
Insecure random generation can be exploited by attackers to gain an unfair advantage in games, lotteries, and any other contract that relies on random number generation. By predicting or manipulating outcomes that are seemingly random, attackers can influence results in their favor. This can lead to unfair wins, financial losses for other participants, and an overall decline in trust in the integrity and fairness of the smart contract.
What Actions Should Be Taken?
-
Use Oracles (such as Oraclize) as external sources of randomness:
When relying on an oracle, caution must be exercised. It’s also advisable to use multiple independent oracles to prevent manipulation by a single oracle. -
Use Verifiable Random Functions (VRF):
VRFs, such as those provided by Chainlink, offer cryptographic proof that random numbers were generated fairly. They allow anyone to verify the authenticity and integrity of the random output, reducing the risk of manipulation. -
Commit-Reveal Schemes:
In this approach, participants initially submit a hashed (committed) version of their random input. Later, they reveal the actual value. This two-step process helps prevent participants from choosing their random input after seeing others' choices, thereby maintaining fairness. -
Hybrid Approaches:
Combining multiple randomness sources and techniques — for example, using both block attributes and external oracles — can further strengthen randomness generation and reduce dependency on a single potentially vulnerable source. -
Continuous Auditing and Testing:
Regular security audits and penetration testing of smart contracts are essential to identify and mitigate potential randomness vulnerabilities. -
Stay Updated with Best Practices:
The blockchain and smart contract ecosystem is evolving rapidly. Developers should stay informed about the latest tools, techniques, and vulnerabilities related to randomness and overall smart contract security.
By following these strategies, developers can significantly reduce the risks associated with weak sources of randomness and enhance the fairness, transparency, and security of their smart contracts.
Our Solution:
Sources:
https://owasp.org/www-project-smart-contract-top-10/2025/en/src/SC09-insecure-randomness.html
https://swcregistry.io/docs/SWC-120
