CVE-2018-12975

Name of the Vulnerable Software and Affected Versions CryptoSaga (affected versions not specified)

Description The issue concerns the random() function in the smart contract implementation of CryptoSaga, an Ethereum game. This function generates a random value using publicly readable variables such as timestamp, the current block's blockhash, and a private variable that can be accessed through a getStorageAt call. As a result, attackers can precompute the random number, potentially allowing them to manipulate the game by obtaining powerful characters or inflicting critical damages.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.