CVE-2018-15552

Name of the Vulnerable Software and Affected Versions The Ethereum Lottery (affected versions not specified)

Description The issue concerns the "PayWinner" function of a simplelottery smart contract implementation, which generates a random value. This value is influenced by the maxTickets variable, intended to be private but is predictable and readable through the eth.getStorageAt function. As a result, attackers can exploit this to always win and receive rewards.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.