RSS   Vulnerabilities for 'Hashheroes'   RSS

2018-12-26
 
CVE-2018-17987

CWE-330
 

 
The determineWinner function of a smart contract implementation for HashHeroes Tiles, an Ethereum game, uses a certain blockhash value in an attempt to generate a random number for the case where NUM_TILES equals the number of people who purchased a tile, which allows an attacker to control the awarding of the prize by being the last person to purchase a tile.

 


Copyright 2024, cxsecurity.com

 

Back to Top