2 matches found
All For One Information Disclosure Vulnerability
All For One is an Ether-based gambling game. An information disclosure vulnerability exists in the 'maxRandom' function in All For One's smart contract implementation, which stems from the program's use of publicly readable variables to generate arbitrary values. An attacker could use the...
CVE-2018-12056
The maxRandom function of a smart contract implementation for All For One, an Ethereum gambling game, generates a random value with publicly readable variables because the seed value can be retrieved with a getStorageAt call. Therefore, it allows attackers to always win and get rewards...