CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2018-12454

The _addguess function of a simplelottery smart contract implementation for 1000 Guess, an Ethereum gambling game, generates a random value with publicly readable variables such as the current block information and a private variable (which can be read with a getStorageAt call). Therefore, it allows attackers to always win and get rewards.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.003

EPSS Ranking 54.1%

CVSS Severity

CVSS v3 Score 7.5

CVSS v2 Score 5.0

References

https://medium.com/%40jonghyk.song/attack-on-pseudo-random-number-generator-prng-used-in-1000-guess-an-ethereum-lottery-game-7b76655f953d
https://medium.com/%40jonghyk.song/attack-on-pseudo-random-number-generator-prng-used-in-1000-guess-an-ethereum-lottery-game-7b76655f953d

Products affected by CVE-2018-12454

1000guess » 1000 Guess » Version: N/A

cpe:2.3:a:1000guess:1000_guess:-

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2018-12454

Products

Pricing

Contact Us