Security Advisory

CVE-2018-12454

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2018-06-17 12:00:00

Last updated 2024-08-05 08:38:06

Assigner mitre

State PUBLISHED

Description

The _addguess function of a simplelottery smart contract implementation for 1000 Guess, an Ethereum gambling game, generates a random value with publicly readable variables such as the current block information and a private variable (which can be read with a getStorageAt call). Therefore, it allows attackers to always win and get rewards.

← Browse all CVEs View on cve.org ↗