6 matches found
EUVD-2018-4425
Malware in sbrugna...
EUVD-2018-4039
Malware in sbrugna...
EUVD-2018-9618
Malware in sbrugna...
CVE-2018-17877
A lottery smart contract implementation for Greedy 599, an Ethereum gambling game, generates a random value that is predictable via an external contract call. The developer used the extcodesize function to prevent a malicious contract from being called, but the attacker can bypass it by writing t...
CVE-2018-15552
The CVE describes a vulnerability in the PayWinner function of a simplelottery smart contract used by The Ethereum Lottery. The root cause is that the function uses the publicly readable storage variable maxTickets (private in code) to generate a random value, which is readable via eth.getStorage...
CVE-2018-12056
The maxRandom function of a smart contract implementation for All For One, an Ethereum gambling game, generates a random value with publicly readable variables because the seed value can be retrieved with a getStorageAt call. Therefore, it allows attackers to always win and get rewards...