2 matches found
Attackers can steal all of Ether in ROC (Rasputin Online Coin) token smart contract (CVE-2018–10944)
Abstract I found a vulnerability of a smart contract for ROC aka Rasputin Online Coin, an Ethereum ERC20 token CVE-2018–109441. The requestdividend function has a critical bug similar to Reentrancy attack. Attackers can call the function in multiple times to steal Ether constantly until all of th...
CVE-2018-10944
CVE-2018-10944 concerns ROC (Rasputin Online Coin), an Ethereum ERC20 token. The smart contract’s request_dividend() function is vulnerable: it computes holder_token_balance and holder_profit and then sends Ether to the address without updating the sender’s balance, and it is declared public with...