scout-soroban
Review insufficiently-random-values detector and remediated test-case
Description
Following these notes by an auditor and this conversation thread, we need to remove the recommendation to use prng()
as a source of randomness for Soroban smart contracts.
Acceptance Criteria
- [ ] Modify detector output message to something like "Avoid using block attributes for random number generation, remember that all random numbers are under the control of validators."
- [ ] Modify remediated test case, using an oracle instead of `prng()` (references: 1, 2, 3). [IT SEEMS THERE IS NO WORKING ORACLE, TALK TO MATI AND VALE AND PROPOSE BUILDING ONE]
- [ ] Add vulnerable test case using `prng()`.
- [ ] Update detector and vulnerability documentation. Add `prng()` to the list of vulnerable cases, recommend using an oracle as remediation.
- [ ] Update Scout run in tutorial video for insufficiently-random-values. Add `prng()` to vulnerable cases. If possible, provide code explaining how to use an oracle.
Observations (Juli)
`prng()` may have its use case, depending on the risk tolerance one has.
We could then give a hint like the following (copied verbatim from the docs):
- For cases that use timestamp or sequence, something like: "Avoid using ledger().timestamp or ledger().sequence as entropy source, since they can be biased. soroban_sdk provides prng(), an api that provides better PSEUDO random management. However, the PRNG is seeded with PUBLIC data that is under the control of validators. Therefore it should only be used in applications where the risk of validator influence is acceptable."
- For cases that use prng: "The PRNG is seeded with PUBLIC data that is under the control of validators. Therefore it should only be used in applications where the risk of validator influence is acceptable."
Observations (Aure)
To have randomness you absolutely need something like an oracle. I am not clear on the VRF topic, but I understand it is more about being sure that the random value was truly random. Either way, it needs input from outside the blockchain.