VYPR
Medium severity5.9NVD Advisory· Published Aug 7, 2018· Updated Jun 17, 2026

CVE-2018-12885

CVE-2018-12885

Description

The randMod() function of the smart contract implementation for MyCryptoChamp, an Ethereum game, generates a random value with publicly readable variables such as the current block information and a private variable, (which can be read with a getStorageAt call). Therefore, attackers can get powerful champs/items and get rewards.

Affected products

1

Patches

Vulnerability mechanics

References

3

News mentions

0

No linked articles in our index yet.