CVE-2018-12454

The _addguess function of a simplelottery smart contract implementation for 1000 Guess, an Ethereum gambling game, generates a random value with publicly readable variables such as the current block information and a private variable (which can be read with a getStorageAt call). Therefore, it allows attackers to always win and get rewards.
Configurations

Configuration 1

cpe:2.3:a:1000guess:1000_guess:-:*:*:*:*:*:*:*

Information

Published : 2018-06-17 12:29

Updated : 2018-08-14 05:44


NVD link : CVE-2018-12454

Mitre link : CVE-2018-12454

Products Affected
No products.
CWE
CWE-338

Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)