CVE-2018-17987

Name of the Vulnerable Software and Affected Versions HashHeroes Tiles (affected versions not specified)

Description The issue concerns the determineWinner function of a smart contract implementation for HashHeroes Tiles, an Ethereum game. This function uses a certain blockhash value in an attempt to generate a random number for the case where NUM TILES equals the number of people who purchased a tile. As a result, an attacker can control the awarding of the prize by being the last person to purchase a tile.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.