2 matches found
CVE-2018-15552
The "PayWinner" function of a simplelottery smart contract implementation for The Ethereum Lottery, an Ethereum gambling game, generates a random value with publicly readable variable "maxTickets" which is private, yet predictable and readable by the eth.getStorageAt function. Therefore, it allow...
CVE-2018-15552
The CVE describes a vulnerability in the PayWinner function of a simplelottery smart contract used by The Ethereum Lottery. The root cause is that the function uses the publicly readable storage variable maxTickets (private in code) to generate a random value, which is readable via eth.getStorage...