CVE-2018-12056

The maxRandom function of a smart contract implementation for All For One, an Ethereum gambling game, generates a random value with publicly readable variables because the _seed value can be retrieved with a getStorageAt call. Therefore, it allows attackers to always win and get rewards.
Configurations

Configuration 1

cpe:2.3:a:all-for-one:all_for_one:-:*:*:*:*:*:*:*

Information

Published : 2018-08-15 05:29

Updated : 2019-06-24 09:15


NVD link : CVE-2018-12056

Mitre link : CVE-2018-12056

Products Affected
No products.
CWE
CWE-338

Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)