Vulnerabilities

CVE-2018-15552

by Fred · 07/09/2018

The "PayWinner" function of a simplelottery smart contract implementation for The Ethereum Lottery, an Ethereum gambling game, generates a random value with publicly readable variable "maxTickets" (which is private, yet predictable and readable by the eth.getStorageAt function). Therefore, it allows attackers to always win and get rewards.

Date published : 2018-09-07

https://github.com/TEAM-C4B/CVE-LIST/tree/master/CVE-2018-15552

Similar

Tags: Cybersecurity Alert