Blockhash Dependence

What it detects

This detector flags uses of the blockhash opcode or blockhash() function to influence important outcomes. Since miners can manipulate block hashes for recent blocks, basing randomness or checks on them is unsafe.

Typical symptoms

  • Lotteries or selections derived from blockhash
  • Conditional logic comparing a hashed value to blockhash results

Solidity snippet (v0.8.25)

pragma solidity ^0.8.25;

contract HashGame {
    function roll() external view returns (uint256) {
        // Vulnerable: miner can affect previous block hash
        return uint256(blockhash(block.number - 1));
    }
}
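
The sketch below is an added example, not the detector's own implementation and not code from the original page. It is a line-based heuristic that finds blockhash() calls in Solidity source and labels them by the symptoms listed above. The function names, the labels and the Lottery sample contract are constructed for illustration.

```python
import re

# Constructed sample contract (not from the original page) covering both symptoms.
SAMPLE = """\
pragma solidity ^0.8.25;

contract Lottery {
    address[] players;

    function pickWinner() external view returns (address) {
        // blockhash(block.number - 1) inside a comment is ignored
        uint256 r = uint256(blockhash(block.number - 1));
        return players[r % players.length];
    }

    function check(bytes32 guess) external view returns (bool) {
        return keccak256(abi.encode(guess)) == blockhash(block.number - 1);
    }
}
"""

COMMENT = re.compile(r"//[^\n]*|/\*.*?\*/", re.S)
CALL = re.compile(r"\bblockhash\s*\(")
ASSIGN = re.compile(r"(\w+)\s*=[^=].*\bblockhash\s*\(")
COMPARE = re.compile(r"[=!<>]=|(?<![<>=])[<>](?![<>])")

def strip_comments(src):
    # Blank out comment text but keep newlines so line numbers stay valid.
    return COMMENT.sub(lambda m: re.sub(r"[^\n]", " ", m.group()), src)

def find_blockhash_uses(src):
    """Return (line, kind) pairs; kind is 'source', 'comparison' or 'selection'."""
    findings, tainted = [], set()  # taint is file-wide here, not scoped per function
    for no, line in enumerate(strip_comments(src).splitlines(), 1):
        if CALL.search(line):
            assigned = ASSIGN.search(line)
            if assigned:
                tainted.add(assigned.group(1))  # variable now carries the hash
            kind = "comparison" if COMPARE.search(line) else "source"
            findings.append((no, kind))
        elif "%" in line and any(re.search(rf"\b{re.escape(v)}\b", line) for v in tainted):
            findings.append((no, "selection"))  # tainted value reduced modulo n
    return findings

if __name__ == "__main__":
    for line_no, kind in find_blockhash_uses(SAMPLE):
        print(f"line {line_no}: blockhash {kind}")
```

Because it matches text rather than an AST, it does not follow values through function calls or storage, and a `//` inside a string literal is treated as the start of a comment.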

Why it matters on EVM

Blockhash-based randomness allows miners to bias games or predictions, undermining fairness and enabling manipulation.