pooltogether / pooltogether-rng-contracts Goto Github PK
View Code? Open in Web Editor NEWPoolTogether RNG Service
License: GNU General Public License v3.0
pooltogether-rng-contracts's People
Contributors
![dependabot[bot] avatar](https://avatars.githubusercontent.com/in/29110?v=4 "dependabot[bot]")
Stargazers
Watchers
Forkers
modernartistdao yangxu1210 panademo cleancoindev dankerman666 smarteasy g2entgroup wanglonghong sekmet upsidecomp ctyl3r isabella232 elizabf drcpu-github poolyfan 3scava1i3r niffl3rreturnspooltogether-rng-contracts's Issues
Deployment fails
Step from readme file:
yarn deploy rinkebyfails
yarn run v1.22.17 $ hardhat deploy --write true --network rinkeby (node:35736) Warning: Accessing non-existent property 'VERSION' of module exports inside circular dependency (Usenode --trace-warnings ...` to show where the warning was created)
Nothing to compile
An unexpected error occurred:
Error: ERROR processing skip func of /home/dev/Documents/Projects/Blockchain/pooltogether-rng-contracts/deploy/deploy.ts:
TSError: ⨯ Unable to compile TypeScript:
deploy/deploy.ts:31:20 - error TS7053: Element implicitly has an 'any' type because expression of type 'number' can't be used to index type '{ default: BigNumber; 1: BigNumber; 4: BigNumber; 42: BigNumber; 137: BigNumber; 80001: BigNumber; }'.
No index signature with a parameter of type 'number' was found on type '{ default: BigNumber; 1: BigNumber; 4: BigNumber; 42: BigNumber; 137: BigNumber; 80001: BigNumber; }'.
31 const feeValue = fee[chainId] || fee.default
~~~~~~~~~~~~
deploy/deploy.ts:32:24 - error TS7053: Element implicitly has an 'any' type because expression of type 'number' can't be used to index type '{ default: string; 1: string; 4: string; 42: string; 137: string; 80001: string; }'.
No index signature with a parameter of type 'number' was found on type '{ default: string; 1: string; 4: string; 42: string; 137: string; 80001: string; }'.
32 const keyHashValue = keyHash[chainId] || keyHash.default
~~~~~~~~~~~~~~~~
deploy/deploy.ts:63:56 - error TS2322: Type 'string' is not assignable to type 'never'.
63 RNGChainlink = await _getContract('RNGChainlink', [vrfCoordinator, linkAddress])
~~~~~~~~~~~~~~
deploy/deploy.ts:63:72 - error TS2322: Type 'string' is not assignable to type 'never'.
63 RNGChainlink = await _getContract('RNGChainlink', [vrfCoordinator, linkAddress])
~~~~~~~~~~~
at createTSError (/home/dev/Documents/Projects/Blockchain/pooltogether-rng-contracts/node_modules/ts-node/src/index.ts:750:12)
at reportTSError (/home/dev/Documents/Projects/Blockchain/pooltogether-rng-contracts/node_modules/ts-node/src/index.ts:754:19)
at getOutput (/home/dev/Documents/Projects/Blockchain/pooltogether-rng-contracts/node_modules/ts-node/src/index.ts:941:36)
at Object.compile (/home/dev/Documents/Projects/Blockchain/pooltogether-rng-contracts/node_modules/ts-node/src/index.ts:1243:30)
at Module.m._compile (/home/dev/Documents/Projects/Blockchain/pooltogether-rng-contracts/node_modules/ts-node/src/index.ts:1370:30)
at Module._extensions..js (node:internal/modules/cjs/loader:1153:10)
at Object.require.extensions.<computed> [as .ts] (/home/dev/Documents/Projects/Blockchain/pooltogether-rng-contracts/node_modules/ts-node/src/index.ts:1374:12)
at Module.load (node:internal/modules/cjs/loader:981:32)
at Function.Module._load (node:internal/modules/cjs/loader:822:12)
at Module.require (node:internal/modules/cjs/loader:1005:19)
at DeploymentsManager.executeDeployScripts (/home/dev/Documents/Projects/Blockchain/pooltogether-rng-contracts/node_modules/hardhat-deploy/src/DeploymentsManager.ts:1101:15)
at DeploymentsManager.runDeploy (/home/dev/Documents/Projects/Blockchain/pooltogether-rng-contracts/node_modules/hardhat-deploy/src/DeploymentsManager.ts:1053:16)
at processTicksAndRejections (node:internal/process/task_queues:96:5)
at async SimpleTaskDefinition.action (/home/dev/Documents/Projects/Blockchain/pooltogether-rng-contracts/node_modules/hardhat-deploy/src/index.ts:409:5)
at async Environment._runTaskDefinition (/home/dev/Documents/Projects/Blockchain/pooltogether-rng-contracts/node_modules/hardhat/src/internal/core/runtime-environment.ts:217:14)
at async Environment.run (/home/dev/Documents/Projects/Blockchain/pooltogether-rng-contracts/node_modules/hardhat/src/internal/core/runtime-environment.ts:129:14)
at async SimpleTaskDefinition.action (/home/dev/Documents/Projects/Blockchain/pooltogether-rng-contracts/node_modules/hardhat-deploy/src/index.ts:555:32)
at async Environment._runTaskDefinition (/home/dev/Documents/Projects/Blockchain/pooltogether-rng-contracts/node_modules/hardhat/src/internal/core/runtime-environment.ts:217:14)
at async Environment.run (/home/dev/Documents/Projects/Blockchain/pooltogether-rng-contracts/node_modules/hardhat/src/internal/core/runtime-environment.ts:129:14)
at async SimpleTaskDefinition.action (/home/dev/Documents/Projects/Blockchain/pooltogether-rng-contracts/node_modules/hardhat-deploy/src/index.ts:640:5)
error Command failed with exit code 1.
info Visit https://yarnpkg.com/en/docs/cli/run for documentation about this command.
`
Possible vulnerability - RNGBlockhash algorithm use already known block for seed generation
Seems that RNGBlockhash algorithm is waiting for 2 new blocks ("saved block + 2") instead of one but return seed based on previous for current:
- current block number saved into "requestLockBlock" array
- following condition will be true when "block number = saved block number + 2":
so you are waiting for 2 new blocks and only then function "_isRequestComplete" will start to return true - but then you are using previous block for current as seed:
So in general steps are following:
- save into memory current block number (block A)
- waiting for new block number (block B)
- waiting for new block number (block C)
- generate seed based on block B
This looks like vulnerability because seed will be already known at step (2) and we don't need to wait until full completion
How to fix:
-
replace on "return block.number > requestLockBlock[requestId];" -
replace on "return uint256(blockhash(block.number));"
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.