7 matches found
EUVD-2018-4039
Malware in sbrugna...
Code injection
A lottery smart contract implementation for Greedy 599, an Ethereum gambling game, generates a random value that is predictable via an external contract call. The developer used the extcodesize function to prevent a malicious contract from being called, but the attacker can bypass it by writing t...
Design/Logic Flaw
The fallback function of a simple lottery smart contract implementation for Lucky9io, an Ethereum gambling game, generates a random value with the publicly readable variable entrynumber. This variable is private, yet it is readable by eth.getStorageAt function. Also, attackers can purchase a tick...
Design/Logic Flaw
The maxRandom function of a smart contract implementation for All For One, an Ethereum gambling game, generates a random value with publicly readable variables because the seed value can be retrieved with a getStorageAt call. Therefore, it allows attackers to always win and get rewards...
Information disclosure
The addguess function of a simplelottery smart contract implementation for 1000 Guess, an Ethereum gambling game, generates a random value with publicly readable variables such as the current block information and a private variable which can be read with a getStorageAt call. Therefore, it allows...
CVE-2018-12454
The addguess function of a simplelottery smart contract implementation for 1000 Guess, an Ethereum gambling game, generates a random value with publicly readable variables such as the current block information and a private variable which can be read with a getStorageAt call. Therefore, it allows...
CVE-2018-12454
The addguess function of a simplelottery smart contract implementation for 1000 Guess, an Ethereum gambling game, generates a random value with publicly readable variables such as the current block information and a private variable which can be read with a getStorageAt call. Therefore, it allows...