Pull Based Randomness
Generating randomness on the blockchain is particularly challenging because the blockchain is a transparent and deterministic system. Every node in the network must agree on the state of the blockchain, making any inherently unpredictable or random element difficult to generate. Traditional random generation methods, like using a seed from a server's current timestamp, can be manipulated or predicted, which poses security risks. Additionally, miners or participants could potentially influence outcomes by choosing to publish or withhold transactions based on the generated randomness.
Our pull-based randomness is an approach to ensure unpredictable and fair randomness by decoupling the generation of randomness from its consumption. This method uses two separate transactions ("initiate action" and "validate action") to secure the randomness and make it tamper-resistant. Here's a step-by-step breakdown of how it works within the given functions.
Timestamp Setting: When the initiate action is done, it sets a future time that indicates when the actual action can validly be executed.
Future Dependency: The randomness for the action is not generated at this stage but will depend on external data (from Pyth.network) available only at or after this future timestamp. This design prevents attackers from predicting or manipulating the randomness because they cannot foresee the exact data from Pyth.network at that future time.
Timestamp Validation: In the validation action, the contract verifies that the future timestamp set by the initiate action has been reached. This ensures that validation only proceeds once the set future time has passed (and, presumably, the new Pyth data is available), aligning it with the time of randomness generation.
Randomness Generation: Randomness is derived by hashing the data from Pyth.network, which is assumed to be fetched as per the future timestamp. This hashed value determines the randomness used in the actual action.
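The four steps above, modelled off-chain as an added example (not the project's contract code). The class, field names, the 30-second delay, the SHA-256 hash and the mixing of the action id into the hash input are assumptions made for illustration; `OracleUpdate` stands in for a Pyth.network price update.

```python
import hashlib
from dataclasses import dataclass

DELAY_SECONDS = 30  # assumed gap between the two transactions


@dataclass(frozen=True)
class OracleUpdate:
    """Constructed stand-in for a Pyth price update (field names assumed)."""
    price: int
    conf: int
    publish_time: int


class PullRandomness:
    def __init__(self):
        self.pending = {}  # action_id -> earliest timestamp at which validation is allowed

    def initiate_action(self, action_id: str, now: int) -> int:
        """Transaction 1: record the future timestamp; no randomness exists yet."""
        if action_id in self.pending:
            raise ValueError("action already initiated")
        valid_after = now + DELAY_SECONDS
        self.pending[action_id] = valid_after
        return valid_after

    def validate_action(self, action_id: str, now: int,
                        update: OracleUpdate, outcomes: int) -> int:
        """Transaction 2: check the delay, then hash the oracle data."""
        valid_after = self.pending.get(action_id)
        if valid_after is None:
            raise ValueError("no pending action")
        if now < valid_after:
            raise ValueError("future timestamp not reached")
        # Oracle data published before the committed time was knowable at
        # initiation, so it must not be accepted as the randomness source.
        if update.publish_time < valid_after:
            raise ValueError("oracle data predates the committed timestamp")
        del self.pending[action_id]  # one result per initiated action
        material = f"{action_id}|{update.price}|{update.conf}|{update.publish_time}"
        digest = hashlib.sha256(material.encode()).digest()
        return int.from_bytes(digest, "big") % outcomes
```

The pending entry is removed only after every check passes, so a rejected validation cannot consume the action, and a completed one cannot be replayed with a different oracle update.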
Two-Time Transaction Mechanism: Requiring two transactions separated by time discourages manipulation, because attackers cannot predict data that does not yet exist.
Dependency on External Oracle (Pyth.network): The randomness is based on real-time, unpredictable economic data, which is impossible to predict with perfect accuracy as long as the time between the 1st and 2nd transaction is reasonably far apart.
Delay Enforcement: The use of a delay prevents premature execution of the attack, ensuring that the randomness is based on the data at the specific future point, not before.
The pull-based randomness approach provides a secure and decentralized way to generate randomness by relying on external data that cannot be known until it exists. This method effectively prevents manipulation, ensuring fair gameplay in a decentralized application.