Lucky9io has a logic flaw vulnerability

Lucky9io is an ethereum-based virtual gambling game.A security vulnerability exists in Lucky9io's implementation of a simple lotto smart contract, which stems from the use of a fallback function to generate random values using the publicly readable variable entrynumber. An attacker could exploit...

CVE-2018-17071

The fallback function of a simple lottery smart contract implementation for Lucky9io, an Ethereum gambling game, generates a random value with the publicly readable variable entrynumber. This variable is private, yet it is readable by eth.getStorageAt function. Also, attackers can purchase a tick...

CVE-2018-17071

The CVE (CVE-2018-17071) concerns the fallback function of a simple lottery smart contract used in Lucky9io, an Ethereum gambling game. The vulnerability arises because the contract generates a random value using the publicly readable storage variable entry_number, which is privately defined but ...

CVE-2018-17071

The fallback function of a simple lottery smart contract implementation for Lucky9io, an Ethereum gambling game, generates a random value with the publicly readable variable entrynumber. This variable is private, yet it is readable by eth.getStorageAt function. Also, attackers can purchase a tick...