Description
[Moderate] Insecure randomness algorithm usage
Summary
The source of randomness configured in the runtime for the society pallet is pallet_insecure_randomness_collective_flip, the collective-flip pallet shipped with Substrate.
The output of collective flip is highly predictable: it is derived only from the hashes of the previous 81 blocks, all of which are public before the block that consumes the value is built, and it should not be used as a true source of randomness.
Issue details
The RandomnessCollectiveFlip definition in Hashed's parachain runtime is set to pallet_insecure_randomness_collective_flip:
// Create the runtime by composing the FRAME pallets that were previously configured.
construct_runtime!(
    pub enum Runtime
    {
        ...
        // Insecure, block-hash based randomness exposed to other pallets as `RandomnessCollectiveFlip`.
        RandomnessCollectiveFlip: pallet_insecure_randomness_collective_flip::{Pallet, Storage} = 82,
        Society: pallet_society::{Pallet, Call, Storage, Event<T>} = 83,
        ...
    }
);
The runtime config for pallet-society uses the RandomnessCollectiveFlip pallet defined in the construct_runtime! above as its Randomness provider:
impl pallet_society::Config for Runtime {
    type RuntimeEvent = RuntimeEvent;
    type PalletId = SocietyPalletId;
    type Currency = Balances;
    // Every random choice the society pallet makes is drawn from collective flip.
    type Randomness = RandomnessCollectiveFlip;
    // ... remaining associated types elided
}
Risk
A malicious collator, as the author of the blocks whose hashes feed collective flip, can influence the randomness consumed by the society pallet, and any observer can compute the value from the public block hashes before the extrinsic that uses it executes.
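The following added example (not code from the original finding, the Hashed runtime or Substrate) is a simplified model of how a block-hash based randomness source like collective flip behaves. It assumes a 64-bit stand-in digest (std's DefaultHasher) in place of the chain's 256-bit hashes, a toy consumer that picks one of n candidates the way a society rotation might, and hypothetical helper names (block_hash, collective_flip_random, pick_candidate, grind_block). The exact mixing inside the real pallet differs; what the model shows holds for any scheme whose only input is the previous 81 public block hashes: the outcome is fixed and computable by everyone once the parent block is known, and the author of the parent block can grind its contents until the outcome in the next block lands where they want.

```rust
// Added example: simplified model of a collective-flip style randomness source.
// NOT the pallet's own code. It demonstrates two properties of the finding:
//  1. the value for block N is a pure function of the previous 81 block hashes,
//     so anyone can compute it before block N is built;
//  2. the author of block N-1 can vary its block body (tx order, included txs)
//     until the value consumed in block N is the one they want.
use std::collections::hash_map::DefaultHasher;
use std::hash::{Hash, Hasher};

/// Same ring size the real pallet keeps.
const RANDOM_MATERIAL_LEN: usize = 81;

/// Stand-in 64-bit digest (assumption: the chain really uses 256-bit Blake2).
fn digest(parts: &[&[u8]]) -> u64 {
    let mut h = DefaultHasher::new();
    for p in parts {
        p.hash(&mut h);
    }
    h.finish()
}

/// Model of a block hash: it depends on the parent hash and on the body the author chooses.
fn block_hash(parent: u64, body: &[u8]) -> u64 {
    digest(&[&parent.to_le_bytes(), body])
}

/// The ring of the last 81 block hashes, all public once the parent block is known.
fn material(chain: &[u64]) -> &[u64] {
    let start = chain.len().saturating_sub(RANDOM_MATERIAL_LEN);
    &chain[start..]
}

/// Model of `Randomness::random(subject)`: mixes the subject with the ring and nothing else.
fn collective_flip_random(material: &[u64], subject: &[u8]) -> u64 {
    assert!(material.len() <= RANDOM_MATERIAL_LEN);
    let mut acc = 0u64;
    for (i, h) in material.iter().enumerate() {
        acc ^= digest(&[&(i as u8).to_le_bytes(), subject, &h.to_le_bytes()]);
    }
    acc
}

/// Toy consumer: choose one of `n` candidates, as a society rotation might.
fn pick_candidate(material: &[u64], n: usize) -> usize {
    (collective_flip_random(material, b"society_rotation") % n as u64) as usize
}

/// Build `len` honest blocks (constructed sample chain) and return their hashes.
fn honest_chain(len: usize) -> Vec<u64> {
    let mut chain = Vec::with_capacity(len);
    let mut parent = 0u64; // genesis
    for n in 0..len {
        let body = format!("honest block {}", n);
        parent = block_hash(parent, body.as_bytes());
        chain.push(parent);
    }
    chain
}

/// Property 2: the author of the next block tries up to `max_tries` block bodies and
/// keeps the first whose hash makes the pick in the block after it land on `target`.
/// Returns (number of the successful try, the ground block hash).
fn grind_block(chain: &[u64], n: usize, target: usize, max_tries: u32) -> Option<(u32, u64)> {
    let parent = *chain.last()?;
    for nonce in 0..max_tries {
        let body = format!("reordered txs nonce={}", nonce);
        let candidate = block_hash(parent, body.as_bytes());
        let mut extended = chain.to_vec();
        extended.push(candidate);
        if pick_candidate(material(&extended), n) == target {
            return Some((nonce, candidate));
        }
    }
    None
}

fn main() {
    let chain = honest_chain(100);
    let n = 10;
    // Property 1: fixed and public before the consuming block exists.
    println!("outcome anyone can compute in advance: {}", pick_candidate(material(&chain), n));
    // Property 2: the collator steers it.
    let target = 3;
    match grind_block(&chain, n, target, 1_000) {
        Some((tries, _)) => println!("collator forced candidate {} after {} body variants", target, tries + 1),
        None => println!("grinding failed within the budget"),
    }
}
```

With 10 candidates each body variant has roughly a 1 in 10 chance of hitting the target, so the grind succeeds after a handful of attempts; a collator does this by reordering or dropping transactions, which costs nothing on a parachain where the same collator may author several blocks in a row.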
Mitigation
Use a secure source of randomness, for example a verifiable randomness beacon such as drand consumed through an oracle, or a secure randomness library.
You can also consider using the BABE pallet, as described in the Substrate documentation; Kusama's runtime configuration shows how it is wired in. Note that pallet-babe is only available to chains that produce their own blocks with BABE; a parachain whose blocks are authored by collators cannot run it directly, so for a parachain runtime the practical options are an oracle-backed beacon or randomness derived from the relay chain.