CVE-2018-15552

The "PayWinner" function of a simplelottery smart contract implementation for The Ethereum Lottery, an Ethereum gambling game, generates a random value with publicly readable variable "maxTickets" (which is private, yet predictable and readable by the eth.getStorageAt function). Therefore, it allows attackers to always win and get rewards.
References
Link Resource
https://github.com/TEAM-C4B/CVE-LIST/tree/master/CVE-2018-15552 Exploit Third Party Advisory
Configurations

Configuration 1

cpe:2.3:a:theethereumlottery:the_ethereum_lottery:-:*:*:*:*:*:*:*

Information

Published : 2018-09-07 10:29

Updated : 2019-09-16 03:38


NVD link : CVE-2018-15552

Mitre link : CVE-2018-15552

Products Affected
No products.
CWE
CWE-338

Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)