Post
Share your knowledge.
Can you use randomness in non-entry public functions in Move?
I'm new to using randomness in Move programming. The documentation suggests using random only in entry functions. However, I'm considering using randomness to set values, not for branching code. Is it okay to use randomness in a public function in this way?
- Move CLI
- Move
Answers
1Not necessarily. If you define a public function, like foo(Random, SharedObj, ...), an attacker can exploit this by creating a function, say attack(Random, SharedObj, ...), which calls your function. The attacker can then inspect modifications to the shared object, deciding whether to abort the transaction based on its new state. This is similar to an attack described in the Sui documentation on randomness, but involves a shared state. Even if sensitive fields aren't exposed, an attacker could serialize and parse the object's state. Therefore, they could always 'win' or 'abort' but never 'lose'. If this is acceptable for your use case, you could proceed with using a public function and suppress the warning.
Do you know the answer?
Please log in and share it.
Move is an executable bytecode language used to implement custom transactions and smart contracts.