PT-2018-12245 · Megacryptopolis · Megacryptopolis

Published

2018-08-06

Updated

2018-10-16

CVE-2018-13877

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions MegaCryptoPolis (affected versions not specified)

Description The issue concerns a Denial of Service vulnerability in the doPayouts() function of the smart contract implementation for MegaCryptoPolis, an Ethereum game. This vulnerability can be triggered when a smart contract with a fallback function that always causes exceptions purchases land. As a result, users are unable to buy lands near the contract's land because the purchase attempts will not be completed unless the doPayouts() function successfully sends Ether to certain neighbors.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

CVE-2018-13877

Affected Products

Megacryptopolis

PT-2018-12245 · Megacryptopolis · Megacryptopolis

CVE-2018-13877

Weakness Enumeration

Related Identifiers

Affected Products

References · 2