@willianmano
Created September 5, 2018 13:39
A Lottery Solidity Smart Contract
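    // The constructor keyword and abi.encodePacked require compiler 0.4.22 or later.
    pragma solidity ^0.4.22;

    contract Lottery {
        address public manager;    // account that deployed the contract
        address[] public players;  // addresses that have entered the current round

        constructor() public {
            manager = msg.sender;
        }

        // Enter the lottery by sending more than 0.01 ether.
        function enter() public payable {
            require(msg.value > .01 ether);
            players.push(msg.sender);
        }

        // Pseudo-random value derived from block data and the player list.
        // Every input is visible on-chain, so the result is predictable.
        function random() private view returns (uint) {
            return uint(keccak256(abi.encodePacked(block.difficulty, now, players)));
        }

        // Pay the whole balance to one player and reset the round (manager only).
        // Reverts if there are no players (modulo by zero).
        function pickWinner() public restricted {
            uint index = random() % players.length;
            players[index].transfer(address(this).balance);
            players = new address[](0);
        }

        function getPlayers() public view returns (address[]) {
            return players;
        }

        // Restrict a function to the manager.
        modifier restricted() {
            require(msg.sender == manager);
            _;
        }
    }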
@laronlineworld

Regarding this contract, can I change the

    function enter() public payable {
        require(msg.value > .01 ether);
        players.push(msg.sender);
    }

into an ERC20 token instead of ether?

@kiknaio

kiknaio commented Oct 21, 2021

This smart contract has a security issue. By deploying another contract with the same code, an attacker can figure out who can win. Output is deterministic.

@stylianospanagakos

@kiknaio why is that a security issue though? Deploying a new instance of the contract will reset the state to its default values. This means that the players array will be filled with different addresses so even if you determine the calculated index, the mapped picked address on the original contract would be different to the one of the new one. If you want to add an extra layer of security, can't you just make the players internal or private so its contents won't be visible to the outside world?

@Mrfjz

Mrfjz commented Feb 22, 2022

I think there is a backdoor: the 'manager' (who deploys the contract) can figure out the winning number by invoking the pickWinner function; the 'manager' can then bet on the winning number.
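
One way to address the predictability raised in the comments above, as an added example that is not part of the gist or of any commenter's post: a single-round commit-reveal variant in which the seed comes from secrets that players commit to before entries close, rather than from block data and the public player list. The contract name, the two deadlines, the `reveal` function and the fallback to the manager are assumptions introduced for illustration.

```solidity
pragma solidity ^0.4.22;

// Added example, not the gist author's code: single-round commit-reveal lottery.
contract CommitRevealLottery {
    address public manager;
    uint public commitDeadline;  // last block in which entries are accepted
    uint public revealDeadline;  // last block in which reveals are accepted
    mapping(address => bytes32) public commitments;
    address[] public revealed;   // only players who revealed can win
    bytes32 private seed;        // "private" storage is still readable off-chain

    constructor(uint commitBlocks, uint revealBlocks) public {
        manager = msg.sender;
        commitDeadline = block.number + commitBlocks;
        revealDeadline = commitDeadline + revealBlocks;
    }

    // Enter with commitment = keccak256(abi.encodePacked(msg.sender, secret)).
    function enter(bytes32 commitment) public payable {
        require(block.number <= commitDeadline);
        require(msg.value > .01 ether);
        require(commitments[msg.sender] == bytes32(0) && commitment != bytes32(0));
        commitments[msg.sender] = commitment;
    }

    // After entries close, reveal the secret; each valid reveal is mixed into the seed.
    function reveal(bytes32 secret) public {
        require(block.number > commitDeadline && block.number <= revealDeadline);
        require(commitments[msg.sender] == keccak256(abi.encodePacked(msg.sender, secret)));
        delete commitments[msg.sender];  // one reveal per entry
        seed = keccak256(abi.encodePacked(seed, secret));
        revealed.push(msg.sender);
    }

    // Anyone may settle once the reveal window has closed.
    function pickWinner() public {
        require(block.number > revealDeadline);
        address winner = manager;  // assumption: if nobody reveals, the pot goes to the manager
        if (revealed.length > 0) {
            winner = revealed[uint(seed) % revealed.length];
        }
        delete revealed;           // clear state before sending funds
        seed = bytes32(0);
        winner.transfer(address(this).balance);
    }
}
```

Players who do not reveal forfeit their stake, and the last player to reveal can still compute the outcome before deciding whether to reveal, so this design reduces bias rather than removing it.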

@Jac688

Jac688 commented Apr 22, 2022

Note: The called function should be payable if you send value and the value you send should be less than your current balance.
Debug the transaction to get more information?