In Ethereum, there are certain applications that rely on random number generation for fairness. However, random number generation is very difficult in Ethereum, and there are several pitfalls worth considering.
Using chain attributes such as: block.timestamp, blockhash, and block.difficulty can seem like a good idea, as they often produce pseudo-random values. The problem however, lies in the ability of a miner to modify these values. For example, in a gambling app with a multi-million dollar jackpot, there is sufficient incentive for a miner to generate many alternative blocks, only choosing the block that will result in a jackpot for the miner. Of course it comes at a substantial cost to control the blockchain like that, but if the stakes are high enough, this can certainly be done.
To avoid miner manipulation in random number generation, there are a few solutions:
- A commitment scheme such as RANDAO, a DAO where the random number is generated by all participants in the DAO.
- External sources via oracles, e.g. Oraclize.
- Using Bitcoin block hashes, as the network is more decentralized and blocks are more expensive to mine.
- https://swcregistry.io/docs/SWC-120
- https://ethereum.stackexchange.com/questions/419/when-can-blockhash-be-safely-used-for-a-random-number-when-would-it-be-unsafe
- https://ethereum.stackexchange.com/questions/191/how-can-i-securely-generate-a-random-number-in-my-smart-contract
- https://github.com/randao/randao
- https://etherscan.io/address/0xcac337492149bdb66b088bf5914bedfbf78ccc18