3 matches found
Logic Flaw Vulnerability in HashHeroes Tiles
A security vulnerability exists in the 'determineWinner' function in the smart contract implementation of HashHeroes Tiles, an ethereum-based guessing game. An attacker could exploit this vulnerability to control the awarding of prizes by being the last user to make a purchase...
CVE-2018-17987
HashHeroes Tiles is affected by CVE-2018-17987 in the determineWinner function of its Ethereum smart contract. The vulnerability arises from using a blockhash value to generate a random number when NUM_TILES equals the number of tile Purchases, enabling an attacker to influence the prize by being...
CVE-2018-17987
The determineWinner function of a smart contract implementation for HashHeroes Tiles, an Ethereum game, uses a certain blockhash value in an attempt to generate a random number for the case where NUMTILES equals the number of people who purchased a tile, which allows an attacker to control the...