CVE-2018-12885

The randMod() function of the smart contract implementation for MyCryptoChamp, an Ethereum game, generates a random value with publicly readable variables such as the current block information and a private variable, (which can be read with a getStorageAt call). Therefore, attackers can get powerful champs/items and get rewards.
Configurations

Configuration 1

cpe:2.3:a:mycryptochamp:mycryptochamp:-:*:*:*:*:*:*:*

Information

Published : 2018-08-07 03:29

Updated : 2018-10-18 02:40


NVD link : CVE-2018-12885

Mitre link : CVE-2018-12885

Products Affected
No products.
CWE
CWE-338

Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)