feat(blackjack): random function exploitable

tolstenko · tolstenko · commit 7ae194a1483c · 2023-03-16T12:38:18.000-04:00
diff --git a/contracts/Blackjack.sol b/contracts/Blackjack.sol
@@ -0,0 +1,52 @@
+pragma solidity 0.8.9;
+
+import "@openzeppelin/contracts-upgradeable/security/PausableUpgradeable.sol";
+import "@openzeppelin/contracts-upgradeable/access/OwnableUpgradeable.sol";
+import "@openzeppelin/contracts-upgradeable/proxy/utils/Initializable.sol";
+
+contract Blackjack is Initializable, PausableUpgradeable, OwnableUpgradeable {
+
+    /// @custom:oz-upgrades-unsafe-allow constructor
+    constructor() {
+        _disableInitializers();
+    }
+
+    function initialize() initializer public {
+        __Pausable_init();
+        __Ownable_init();
+        nonce = 0;
+    }
+
+    function pause() public onlyOwner {
+        _pause();
+    }
+
+    function unpause() public onlyOwner {
+        _unpause();
+    }
+
+    uint256 nonce;
+    // this function is exploitable. we need to change this ASAP
+    function random() public returns (uint256) {
+        uint256 randomNumber = uint256(
+            keccak256(
+                abi.encodePacked(
+                    nonce,
+                    msg.sender,
+                    gasleft(),
+                    block.difficulty,
+                    block.timestamp,
+                    block.number,
+                    blockhash(block.number - 1),
+                    block.coinbase,
+                    block.gaslimit,
+                    block.basefee,
+                    block.chainid,
+                    address(this)
+                )
+            )
+        );
+        nonce++;
+        return randomNumber;
+    }
+}
diff --git a/hardhat.config.ts b/hardhat.config.ts
@@ -9,6 +9,7 @@ import "solidity-coverage";
 import { Wallet } from "ethers";
 import { resolve } from "path";
 import { HardhatNetworkUserConfig } from "hardhat/types/config";
+import "@openzeppelin/hardhat-upgrades";
 
 dotenv.config({ path: resolve(__dirname, "./.env") });
 
diff --git a/package.json b/package.json
@@ -6,8 +6,9 @@
     "@nomiclabs/hardhat-waffle": "^2.0.5",
     "@openzeppelin/contracts": "^4.8.2",
     "@openzeppelin/contracts-upgradeable": "^4.8.2",
-    "@typechain/ethers-v5": "^7.2.0",
-    "@typechain/hardhat": "^2.3.1",
+    "@openzeppelin/hardhat-upgrades": "^1.22.1",
+    "@typechain/ethers-v5": "^10.2.0",
+    "@typechain/hardhat": "^6.1.5",
     "@types/chai": "^4.3.4",
     "@types/mocha": "^9.1.1",
     "@types/node": "^12.20.55",
@@ -26,17 +27,17 @@
     "eslint-plugin-node": "^11.1.0",
     "eslint-plugin-prettier": "^3.4.1",
     "eslint-plugin-promise": "^5.2.0",
-    "ethereum-waffle": "^3.4.4",
+    "ethereum-waffle": "^4.0.10",
     "ethers": "^5.7.2",
     "hardhat": "^2.13.0",
     "hardhat-gas-reporter": "^1.0.9",
     "prettier": "^2.8.4",
     "prettier-plugin-solidity": "^1.1.3",
     "rimraf": "^3.0.2",
     "solhint": "^3.4.1",
-    "solidity-coverage": "^0.7.22",
+    "solidity-coverage": "^0.8.2",
     "ts-node": "^10.9.1",
-    "typechain": "^5.2.0",
+    "typechain": "^8.1.1",
     "typescript": "^4.9.5"
   },
   "scripts": {
diff --git a/test/Blackjack.test.ts b/test/Blackjack.test.ts
@@ -0,0 +1,30 @@
+import { expect } from "chai";
+import { ethers, network, upgrades } from "hardhat";
+import { Blackjack, Blackjack__factory } from "../typechain";
+import { SignerWithAddress } from "@nomiclabs/hardhat-ethers/signers";
+import { Contract, utils } from "ethers";
+import {
+  bigNumberToFloat,
+  expandTo9Decimals,
+  expandTo18Decimals,
+} from "./shared/utilities";
+import { abi } from "@uniswap/v2-periphery/build/UniswapV2Router02.json";
+import { abi as factoryAbi } from "@uniswap/v2-periphery/build/IUniswapV2Factory.json";
+import { abi as pairAbi } from "@uniswap/v2-periphery/build/IUniswapV2Pair.json";
+
+describe("BlackJack", function () {
+  let contract: Blackjack;
+  beforeEach(async function () {
+    const BlackJackFactory = <Blackjack__factory>(
+      await ethers.getContractFactory("Blackjack")
+    );
+    contract = await upgrades.deployProxy(BlackJackFactory);
+    await contract.deployed();
+  });
+
+  it("Two calls of random should generate different values", async function () {
+    const result1 = await contract.random();
+    const result2 = await contract.random();
+    expect(result1.value !== result2.value);
+  });
+});
diff --git a/test/JuniorCoin.test.ts b/test/JuniorCoin.test.ts
diff --git a/test/MafaCoin.ts b/test/MafaCoin.ts
