Light
DarkOne Bug Per Day
One H/M every day from top Wardens
Join over 1125 wardens!
Receive the email at any hour!
Golden God Tokens can be minted twice per generation
Lines of code
Vulnerability details
Impact
The current implementation of the EntropyGenerator contract allows for the possibility of having two "Golden God" tokens (tokens with an entropy value of 999999) per generation. This duplicity undermines the intended uniqueness and rarity of the Golden God token, potentially disrupting the game's economy and fairness. The predictability of one Golden God token, combined with the chance of a second one, could lead to exploitation and loss of player trust.
Proof of Concept
The vulnerability stems from two separate mechanisms that can produce a Golden God token:
- Predetermined Golden God:
javascriptfunction getEntropy(uint256 slotIndex, uint256 numberIndex) private view returns (uint256) { if (slotIndex == slotIndexSelectionPoint && numberIndex == numberIndexSelectionPoint) { return 999999; }
2.Entropy Calculation from the valued given by writeBatch:
javascriptuint256 slotValue = entropySlots[slotIndex]; uint256 entropy = (slotValue / (10 ** (72 - position))) % 1000000; uint256 paddedEntropy = entropy * (10 ** (6 - numberOfDigits(entropy)));
The predetermined Golden God is set during initialization, and the other Golden God token is set in the writeEntropyBatch3, since the math in the getEntropy doesn't affect 6 figs digits, this means if writeEntropyBatch3 does write a slot with golden number 999999, it's only a matter of time before someone gets since the nfts are attributed the slot sequentially.(token 1 will get slotIndex and numberIndex [0,0], token 2 will get [0,1], token 3 will get [0,2], and so on)
Tools Used
Manual Review
Recommended Mitigation Steps:
add a boolean to check if a golden god token has already been issued
Assessed type
Context