RSS   Vulnerabilities for 'The ethereum lottery'   RSS

2018-09-07
 
CVE-2018-15552

CWE-338
 

 
The "PayWinner" function of a simplelottery smart contract implementation for The Ethereum Lottery, an Ethereum gambling game, generates a random value with publicly readable variable "maxTickets" (which is private, yet predictable and readable by the eth.getStorageAt function). Therefore, it allows attackers to always win and get rewards.

 

 >>> Vendor: Theethereumlottery 2 Products
Theethereumlottery
The ethereum lottery


Copyright 2024, cxsecurity.com

 

Back to Top