Critical Vulnerabilities When Using Chainlink's VRF

In this video, Pashov talks about some vulnerabilities which arise while working with Chainlink's Verifiable Random Function (VRF).

Watch the full interview over here: https://youtu.be/4JmqHnkSlFI

Become a Certified Smart Contract Hacker: https://johnnytime.xyz/smart-contract-hacker

He highlights two significant issues. Initially, Pashov uncovers a substantial flaw in a smart contract wallet's execution method, which allowed unauthorized modifications to values not covered by the signature. This vulnerability could potentially lead to malicious exploitation and disruptive actions.

Additionally, Pashov discusses a raffle game operating on the Polygon network, which employs Chainlink VRF for randomness. However, due to a misconfigured property related to request confirmations in VRF version 2, instances of chain reorganizations could cause players to lose rewards. This highlights the importance of meticulously configuring this property to ensure consistent randomness in such applications.

Pashov also shares a super helpful tool - Solodit (https://solodit.xyz/), which you can learn all about in my full tutorial over here:

https://youtu.be/RrZDO7WgZyo

Watch this video for some insights on the critical vulnerabilities associated with Chainlink's VRF and tips on enhancing security practices. ... https://www.youtube.com/watch?v=jnpAaxabj3M