CVE-2018-17877

Name of the Vulnerable Software and Affected Versions Greedy 599 (affected versions not specified)

Description The issue concerns a lottery smart contract implementation for Greedy 599, an Ethereum gambling game. It generates a random value that can be predicted through an external contract call. An attacker can bypass the protection mechanism, which uses the extcodesize() function, by embedding the core code in the constructor of their exploit contract. This allows attackers to consistently win and receive rewards.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.