RSS   Vulnerabilities for 'All for one'   RSS

2018-08-15
 
CVE-2018-12056

CWE-338
 

 
The maxRandom function of a smart contract implementation for All For One, an Ethereum gambling game, generates a random value with publicly readable variables because the _seed value can be retrieved with a getStorageAt call. Therefore, it allows attackers to always win and get rewards.

 


Copyright 2018, cxsecurity.com

 

Back to Top