CVE-2018-17071

N/A

Beschreibung

The fallback function of a simple lottery smart contract implementation for Lucky9io, an Ethereum gambling game, generates a random value with the publicly readable variable entry_number. This variable is private, yet it is readable by eth.getStorageAt function. Also, attackers can purchase a ticket at a low price by directly calling the fallback function with small msg.value, because the developer set the currency unit incorrectly. Therefore, it allows attackers to always win and get rewards.

CVE Details

CVSS v3.1 BewertungN/A

Veroffentlicht9/18/2018

Zuletzt geandert11/21/2024

Quellenvd

Honeypot-Sichtungen0

Betroffene Produkte

lucky9:lucky9io

Schwachen (CWE)

CWE-338

Referenzen

https://github.com/TEAM-C4B/CVE-LIST/tree/master/CVE-2018-17071(cve@mitre.org)

https://github.com/TEAM-C4B/CVE-LIST/tree/master/CVE-2018-17071(af854a3a-2127-422b-91ae-364da2661108)

IOC Korrelationen

Keine Korrelationen erfasst

This product uses data from the NVD API but is not endorsed or certified by the NVD.