Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Update EVM Randomness docs #927

Merged
merged 4 commits into from
Oct 1, 2024
Merged

Update EVM Randomness docs #927

Changes from 3 commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
bdaaad6
update evm vrf docs
sisyphusSmiling Sep 30, 2024
77c7f48
Merge branch 'main' into gio/fix-random-link
sisyphusSmiling Sep 30, 2024
c3a5645
format evm vrf docs
sisyphusSmiling Sep 30, 2024
d543f9b
Apply suggestions from code review
sisyphusSmiling Oct 1, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
72 changes: 49 additions & 23 deletions docs/evm/guides/vrf.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -6,11 +6,16 @@ sidebar_position: 6

## **Introduction**

Flow provides secure, native on-chain randomness that developers can leverage through Cadence Arch, a precompiled contract available on the Flow EVM environment. This guide will walk through how Solidity developers can use Cadence Arch to access Flow’s verifiable randomness using Solidity.
Flow provides secure, native on-chain randomness that developers can leverage through Cadence Arch, a precompiled
contract available on the Flow EVM environment. This guide will walk through how Solidity developers can use Cadence
Arch to access Flow’s verifiable randomness using Solidity.

### **What is Cadence Arch?**

[Cadence Arch](https://github.com/onflow/flips/blob/main/protocol/20231116-evm-support.md#cadence-arch) is a precompiled smart contract that allows Solidity developers on Flow EVM to interact with Flow’s randomness and other network features like block height. This contract can be accessed using its specific address, and Solidity developers can make static calls to retrieve random values and other information.
[Cadence Arch](https://github.com/onflow/flips/blob/main/protocol/20231116-evm-support.md#cadence-arch) is a precompiled
smart contract that allows Solidity developers on Flow EVM to interact with Flow’s randomness and other network features
like block height. This contract can be accessed using its specific address, and Solidity developers can make static
calls to retrieve random values and other information.

---

Expand Down Expand Up @@ -44,9 +49,10 @@ Flow provides secure, native on-chain randomness that developers can leverage th

![image.png](./vrf-1.png)

## **Obtaining FLOW for Testnet**
## **Obtaining Testnet FLOW**

You can fund your account with testnet FLOW using the [Flow Faucet](https://testnet-faucet.onflow.org/fund-account). Enter your Flow-EVM testnet address, and you’ll receive testnet FLOW tokens to interact with smart contracts.
You can fund your account with testnet FLOW using the [Flow Faucet](https://testnet-faucet.onflow.org/fund-account).
Enter your Flow-EVM testnet address, and you’ll receive testnet FLOW tokens to interact with smart contracts.

---

Expand Down Expand Up @@ -79,11 +85,13 @@ contract CadenceArchCaller {

1. **Cadence Arch Address**:

The `cadenceArch` variable stores the address of the Cadence Arch precompiled contract (`0x0000000000000000000000010000000000000001`), which is constant across Flow EVM.
The `cadenceArch` variable stores the address of the Cadence Arch precompiled contract
(`0x0000000000000000000000010000000000000001`), which is constant across Flow EVM.

2. **Revertible Random**:

The `revertibleRandom()` function makes a static call to the `revertibleRandom()` function to fetch a pseudo-random number. If the call is successful, it decodes the result as a `uint64` random value.
The `revertibleRandom()` function makes a static call to the `revertibleRandom()` function to fetch a pseudo-random
sisyphusSmiling marked this conversation as resolved.
Show resolved Hide resolved
number. If the call is successful, it decodes the result as a `uint64` random value.

---

Expand Down Expand Up @@ -112,7 +120,8 @@ contract CadenceArchCaller {

After deployment, you can interact with the contract to retrieve a random number.

Call the `revertibleRandom()` function in the left sidebar on the deployed contract. This will fetch a pseudo-random number generated by Flow’s VRF.
Call the `revertibleRandom()` function in the left sidebar on the deployed contract. This will fetch a pseudo-random
number generated by Flow’s VRF.

![image.png](./vrf-6.png)

Expand All @@ -122,40 +131,57 @@ The result will be a `uint64` random number generated on Flow EVM.

## **Generating Random Numbers in a Range**

For use-cases like games and lotteries, it’s useful to generate a random number within a specified range, the following example shows how to get a value between a min and max number.
For use-cases like games and lotteries, it’s useful to generate a random number within a specified range, the following
example shows how to get a value between a min and max number.

```solidity
// SPDX-License-Identifier: GPL-3.0
pragma solidity >=0.7.0 <0.9.0;

contract RandomInRange {
address constant public cadenceArch = 0x0000000000000000000000010000000000000001;
address constant public cadenceArch = 0x0000000000000000000000010000000000000001;

// Generate a random number between min and max
function getRandomInRange(uint64 min, uint64 max) public view returns (uint64) {
// Static call to the Cadence Arch contract's revertibleRandom function
(bool ok, bytes memory data) = cadenceArch.staticcall(abi.encodeWithSignature("revertibleRandom()"));
require(ok, "Failed to fetch a random number through Cadence Arch");
uint64 randomNumber = abi.decode(data, (uint64));
// Generate a random number between min and max
function getRandomInRange(uint64 min, uint64 max) public view returns (uint64) {
// Static call to the Cadence Arch contract's revertibleRandom function
(bool ok, bytes memory data) = cadenceArch.staticcall(abi.encodeWithSignature("revertibleRandom()"));
require(ok, "Failed to fetch a random number through Cadence Arch");
uint64 randomNumber = abi.decode(data, (uint64));

// Return the number in the specified range
return (randomNumber % (max + 1 - min)) + min;
// Return the number in the specified range
return (randomNumber % (max + 1 - min)) + min;
}
}
```

:::warning The above code is susceptible to the [modulo
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🚀

bias](https://research.kudelskisecurity.com/2020/07/28/the-definitive-guide-to-modulo-bias-and-how-to-avoid-it/),
particularly if your desired range is not a multiple of the random number range. To avoid this, you can use a more
sisyphusSmiling marked this conversation as resolved.
Show resolved Hide resolved
complex algorithm like rejection sampling, an example for which is provided in [this
repository](https://github.com/onflow/random-coin-toss). :::

## **Secure Randomness with Commit-Reveal Scheme in Solidity**

The **`revertibleRandom()`** function can be directly used to generate a pseudo-random number. However, in certain situations, especially involving untrusted users, this function exposes a vulnerability: the ability of a transaction to **revert after seeing the random result**.
The **`revertibleRandom()`** function can be directly used to generate a pseudo-random number. However, in certain
situations, especially involving untrusted callers, this function exposes a vulnerability: the ability of a transaction
to **revert after seeing the random result**.

**The Issue with Using `revertibleRandom()` Directly:**

- When an untrusted party calls a contract function that uses `revertibleRandom()`, they receive the random number **during the transaction execution**.
- **Post-selection** is the ability of the caller to abort the transaction if the random outcome is unfavorable. In this case, the user could choose to revert the transaction (for example, if they lose a bet) and attempt to call the function again in hopes of a better outcome.
- This can lead to a form of **transaction reversion attack**, where the randomness can be exploited to repeatedly attempt transactions until a favorable result is obtained.
- When an untrusted party calls a contract function that uses `revertibleRandom()`, they receive the random number
**during the transaction execution**.
- **Post-selection** is the ability of the caller to abort the transaction if the random outcome is unfavorable. In this
case, the user could choose to revert the transaction (for example, if they lose a bet) and attempt to call the
function again in hopes of a better outcome.
- This can lead to a form of **transaction reversion attack**, where the randomness can be exploited by repeatedly
attempting transactions until a favorable result is obtained.

## Read More

For further details on Flow’s randomness and secure development practices, check out the [Flow Randomness Documentation](https://developers.flow.com/build/advanced-concepts/randomness). You can also view an exammple in both Solidity and Cadence of a [cointoss implentation](https://github.com/onflow/random-coin-toss) using the VRF.
For further details on Flow’s randomness and secure development practices, check out the [Flow Randomness
Documentation](https://developers.flow.com/build/advanced-concepts/randomness).

You can also view an example in both Solidity and Cadence of a [random coin toss
implentation](https://github.com/onflow/random-coin-toss) using the VRF.

_This documentation was contributed by Noah Naizir, a community developer._
_This documentation was contributed by [Noah Naizir](https://x.com/noah_overflow), a community developer._
Loading