does anyone know how to deploy pancakeswap-lottery and randomnumbergenerator contracts?
Dec 23, 2021, 11:24 AM
You simply need to use some unique hash as random source
Dec 23, 2021, 11:25 AM
Lol don't do that, for random numbers use chainlink or another oracle
Dec 23, 2021, 11:26 AM
Block hash are not known while block did not mained.
I already seen games service that worked on such principle
Dec 23, 2021, 11:29 AM
Because you can't use hash during the transaction process so you have to take previous one, an attacker might too.
I don't think it's safu
When someone use blockhash for random numbers it might be something which does not require the security, like creating random color for a NFT. But not for lottery.
Dec 23, 2021, 11:36 AM
No, you need not take previous hash.
It is like numbers in loto. When it was received you need not be worry for security.
5 blocks hashes = 5 loto numbers.
Looks simple and safe on my mind.
It is like numbers in loto. When it was received you need not be worry for security.
5 blocks hashes = 5 loto numbers.
Looks simple and safe on my mind.
Dec 23, 2021, 11:38 AM
If you use rand functions used for funds like transfer etc. and don't want to be hacked, use oracles.
Dec 23, 2021, 11:38 AM
And also it is opacity for users
Okay, thanks for your advice
Dec 23, 2021, 11:39 AM
To generate a pseudo-random number, you need seed. Hiding your seed on blockchain is not possible, because everything is visible to everyone. It might be tempting to use one of the apparently “hard-to-predict” block variables – like block-hash and block timestamp as a source of entropy, but these variables can be to the certain extent predicted and influenced by miners. Malicious miner can precalculate block-hash or set block timestamp to the desired value to exploit contract’s function relying on the unpredictability of block variables.
Dec 23, 2021, 11:47 AM
doesn't randomnumbergenerator contract do that already?
correct me if i am wrong, but pcs uses RandomNumberGenerator for its lottery contract Right?
Dec 23, 2021, 12:00 PM
+
V1 is only eth
if he gets tokens he can sell them
are you asking how he got the tokens in the first place?
Dec 23, 2021, 1:42 PM
yes
he got tokens without buying and also he got like 90% of the lp pool
Dec 23, 2021, 1:43 PM
I looking the transaction and i saw as het get through transfer method )
Maybe try to verify your contract
Dec 23, 2021, 1:45 PM
yeah but he didn't buy
CA is verified
CA is verified
Dec 23, 2021, 1:45 PM
you typicallyt dont call tranfser directly
Dec 23, 2021, 1:45 PM
he used another contract to mint himself token
Dec 23, 2021, 1:45 PM
if your contract doesnt have exposed mint capability then he cant mint tokens
Dec 23, 2021, 1:46 PM
in fact he used another contract which is not verified
Dec 23, 2021, 1:47 PM
yeah (
https://bscscan.com/token/0xd1d3d6fe1b56c6a6e87c5475103b3a5b965abc97?a=0x5b26b5302328ab55af56a3361458447848d26595
Dec 23, 2021, 1:49 PM
The function he called doesnt have a signature in the ethereum signature database so its a custom contract: https://www.4byte.directory/signatures/?bytes4_signature=0x51ee47cf
Dec 23, 2021, 1:49 PM
What is this page? 🤔
Dec 23, 2021, 1:52 PM
Maybe, database all default method
Dec 23, 2021, 1:52 PM
https://bscscan.com/tx/0x49036854887dcca4a94d37cc6827791dff7b4e4714eafe27218f7e1503178353
Dec 23, 2021, 1:54 PM
he exploited mint function
Dec 23, 2021, 1:55 PM
how? There is no mint function
Dec 23, 2021, 1:55 PM
how
Dec 23, 2021, 1:55 PM
and he got tokens from LP
Dec 23, 2021, 1:55 PM
Somebody know ?)
😢
Dec 23, 2021, 2:25 PM