VYPR
High severity7.5NVD Advisory· Published Jun 17, 2018· Updated Jun 17, 2026

CVE-2018-12454

CVE-2018-12454

Description

The _addguess function of a simplelottery smart contract implementation for 1000 Guess, an Ethereum gambling game, generates a random value with publicly readable variables such as the current block information and a private variable (which can be read with a getStorageAt call). Therefore, it allows attackers to always win and get rewards.

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.