
{"id":82707,"date":"2025-07-22T06:38:35","date_gmt":"2025-07-22T06:38:35","guid":{"rendered":"https:\/\/mycryptomania.com\/?p=82707"},"modified":"2025-07-22T06:38:35","modified_gmt":"2025-07-22T06:38:35","slug":"what-is-entropy-illusion-vulnerability","status":"publish","type":"post","link":"https:\/\/mycryptomania.com\/?p=82707","title":{"rendered":"What is entropy illusion vulnerability?"},"content":{"rendered":"<p>What is entropy illusion vulnerability?<\/p>\n<p>Blockchain systems offer great opportunities for projects and devs, but like any other system, they have certain limitations. One such limitation is <strong><em>determinism<\/em><\/strong>: the property of a system or process whereby its outcome is unambiguously predetermined by its initial conditions, input data and rules (algorithm). Determinism is necessary to maintain the decentralized operation of a blockchain system: each node must produce the same result given the same input\u00a0data.<\/p>\n<p>One vulnerability that can be found during a smart contract audit is directly related to the determinism of blockchain systems. The issue is called <strong>entropy illusion<\/strong>: a vulnerability that occurs when developers generate randomness in their smart contracts from methods and values that allow an attacker to calculate the \u2018random\u2019 value or manipulate the data\u00a0sources.<\/p>\n<p>Entropy is a measure of uncertainty, disorder, or chaos in a system. The entropy illusion is pseudo-uncertainty, where the randomness is computable or manipulable.<\/p>\n<h3>Why do crypto projects need randomness?<\/h3>\n<p>This question is rather rhetorical: without randomness, many successful crypto projects would appear boring and of no interest to anyone. 
Randomness puts participants on an equal footing, fueling the community\u2019s interest in participating in the blockchain project.<\/p>\n<ul>\n<li>Games<\/li>\n<li>Lottery<\/li>\n<li>NFT mining<\/li>\n<\/ul>\n<p>All of these concepts presuppose a fair and equal distribution of opportunities among participants.<\/p>\n<p>Another important use of randomness is related to cryptographic security.<\/p>\n<p>Therefore, the entropy illusion vulnerability in crypto projects can lead to serious consequences such as unfair lotteries and minting, hacks, and loss of the audience\u2019s trust and interest.<\/p>\n<h3>How the entropy illusion issue\u00a0occurs<\/h3>\n<p>Entropy illusion occurs when, during the development of a blockchain project, devs generate randomness from data sources that can be calculated, controlled, or manipulated by users or\u00a0miners.<\/p>\n<p>For example:<\/p>\n<ul>\n<li>Block timestamps<\/li>\n<li>Block hashes<\/li>\n<li>Block difficulty or gas\u00a0limit<\/li>\n<li>Transaction data<\/li>\n<\/ul>\n<p>Thus, the data, although diverse, will only appear random, and the crypto project will be vulnerable to\u00a0attacks.<\/p>\n<h3>How to provide randomness for a cryptoproject?<\/h3>\n<p>There are several ways to provide truly random values in a cryptoproject. For\u00a0example:<\/p>\n<ul>\n<li>Use trusted solutions for random data generation, for example Chainlink VRF (Verifiable Random Function).<\/li>\n<li>Use commit-reveal schemes, a type of commitment scheme that can be used to store values on-chain while keeping them secret until explicit disclosure.<\/li>\n<li>Use external independent oracles.<\/li>\n<\/ul>\n<h3>Conclusion<\/h3>\n<p>Entropy illusion is a vulnerability that can cost a crypto project funds, assets and reputation. 
Therefore, when developing a smart contract that incorporates randomness, it is important to carefully select the method and random data provider for the project, and to verify and audit the randomness logic implementation in the developed smart contracts.<\/p>\n<p><a href=\"https:\/\/medium.com\/coinmonks\/what-is-entropy-illusion-vulnerability-cc49352adfc9\">What is entropy illusion vulnerability?<\/a> was originally published in <a href=\"https:\/\/medium.com\/coinmonks\">Coinmonks<\/a> on Medium, where people are continuing the conversation by highlighting and responding to this story.<\/p>","protected":false},"excerpt":{"rendered":"<p>What is entropy illusion vulnerability? Blockchain systems offer great opportunities for projects and devs, but like any other system, they have a number of certain limitations. One such limitation is determinism\u200a\u2014\u200athe property of a system or process that its outcome is unambiguously predetermined by initial conditions, input data and rules (algorithm). 
Determinism is a necessity [&hellip;]<\/p>\n","protected":false},"author":0,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2],"tags":[],"class_list":["post-82707","post","type-post","status-publish","format-standard","hentry","category-interesting"],"_links":{"self":[{"href":"https:\/\/mycryptomania.com\/index.php?rest_route=\/wp\/v2\/posts\/82707"}],"collection":[{"href":"https:\/\/mycryptomania.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mycryptomania.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"replies":[{"embeddable":true,"href":"https:\/\/mycryptomania.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=82707"}],"version-history":[{"count":0,"href":"https:\/\/mycryptomania.com\/index.php?rest_route=\/wp\/v2\/posts\/82707\/revisions"}],"wp:attachment":[{"href":"https:\/\/mycryptomania.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=82707"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mycryptomania.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=82707"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mycryptomania.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=82707"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}