CVE-2018-12885

Name of the Vulnerable Software and Affected Versions MyCryptoChamp (affected versions not specified)

Description The issue concerns the randMod() function in the smart contract implementation of MyCryptoChamp, an Ethereum game. This function generates a random value using publicly readable variables, such as the current block information, and a private variable that can be accessed through a getStorageAt call. As a result, attackers can predict and manipulate the generation of random values, allowing them to obtain powerful champs or items and receive rewards.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.