Security Precautions
When integrating with GelatoVRF, it’s essential to take several precautions to ensure the safety and reliability of your application. Here are key considerations:
1. State Locking and Front-Running Prevention
After you initiate a request for randomness and before the random number gets delivered, it’s essential to lock the relevant application state in your consumer contract. This step minimizes the risk of front-running attacks.
In essence, front-running involves gaining an unfair advantage by making transactions based on foreknowledge of pending transactions. By locking the state, you add a layer of security against such tactics.
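As an added illustration (not code from Gelato's documentation), here is a hypothetical raffle that rejects new entries between the randomness request and its fulfillment. It assumes the `_requestRandomness`, `_fulfillRandomness` and `_operator` hooks of GelatoVRFConsumerBase.sol and an import path that depends on your project layout; `LockedRaffle` and all of its fields are made-up names.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Assumption: the import path depends on how the vrf-contracts package is installed.
import {GelatoVRFConsumerBase} from "vrf-contracts/contracts/GelatoVRFConsumerBase.sol";

// Hypothetical raffle (added example): entries are frozen while a draw is pending.
contract LockedRaffle is GelatoVRFConsumerBase {
    address private immutable operatorAddr; // address allowed to deliver randomness (assumed set at deploy)
    address public immutable owner;
    address[] public players;
    bool public drawPending;       // the state lock
    uint256 public pendingRequest; // only this request may settle the round
    address public lastWinner;

    constructor(address operator_) {
        operatorAddr = operator_;
        owner = msg.sender;
    }

    // Hook the base contract uses to identify the randomness sender.
    function _operator() internal view override returns (address) {
        return operatorAddr;
    }

    // Entering changes the set of possible outcomes, so it is rejected while locked.
    function enter() external {
        require(!drawPending, "draw pending: entries locked");
        players.push(msg.sender);
    }

    function draw() external {
        require(msg.sender == owner, "only owner");
        require(!drawPending, "draw already pending");
        require(players.length > 0, "no players");
        drawPending = true; // lock before the request is emitted
        pendingRequest = _requestRandomness("");
    }

    // Called by the base contract once the randomness for a request arrives.
    function _fulfillRandomness(uint256 randomness, uint256 requestId, bytes memory) internal override {
        require(drawPending && requestId == pendingRequest, "unexpected request");
        lastWinner = players[randomness % players.length];
        delete players;
        drawPending = false; // unlock only after the outcome is settled
    }
}
```

Any other function that can change the outcome (withdrawals, stake changes) needs the same `drawPending` check. The example omits a recovery path for a fulfillment that never arrives, which a production contract would need so the lock cannot become permanent.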
2. Usage of RNGLib
Instead of using the received randomness directly, consider integrating it with our RNGLib. This approach:
- Enables dynamic fetching of random values as required.
- Offers protection against certain bet arbitrage attacks, especially when multiple applications operate simultaneously.
By inheriting from GelatoVRFConsumerBase.sol, your contract will automatically benefit from enhanced security. All fulfilled randomness requests will be dynamically derived from the drand randomness using a pseudo-random number generator (RNG). This is crucial to ensure the uniqueness of values, particularly for concurrent requests, and adds another layer of protection against potential vulnerabilities.