PT-2018-11185 · Ethereum · Simplelottery Smart Contract
Publicado
2018-06-17
·
Atualizado
2018-08-14
·
CVE-2018-12454
CVSS v2.0
5.0
Média
| Vetor | AV:N/AC:L/Au:N/C:P/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
simplelottery smart contract implementation for 1000 Guess (affected versions not specified)
Description
The issue concerns the
addguess function of the simplelottery smart contract implementation, which is used in the 1000 Guess Ethereum gambling game. This function generates a random value using publicly readable variables, such as the current block information, and a private variable that can be accessed through a getStorageAt call. As a result, attackers can predict the outcome and always win, allowing them to claim rewards.Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Simplelottery Smart Contract