High severity 7.5 · NVD Advisory · Published Sep 18, 2018 · Updated Jun 17, 2026
CVE-2018-17071
Description
The fallback function of a simple lottery smart contract implementation for Lucky9io, an Ethereum gambling game, generates a random value from entry_number, a variable that is publicly readable: although it is declared private, it can still be read with the eth.getStorageAt function. In addition, attackers can purchase a ticket at a low price by calling the fallback function directly with a small msg.value, because the developer set the currency unit incorrectly. Together, these flaws allow attackers to always win and collect the rewards.
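To make the two flaws in the description concrete, here is an added example, not Lucky9io's source and not code from the referenced repository: a hypothetical weak lottery beside a hardened form. The contract names, the `% 9` draw rule, the 0.01 ether price and the operator commit-reveal scheme are all assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Hypothetical contracts for illustration; not Lucky9io's source.
contract WeakLottery {
    // "private" only blocks other contracts; any node serves the slot via eth_getStorageAt.
    uint256 private entry_number;
    uint256 constant TICKET = 1; // bare literal is 1 wei, not 1 ether

    receive() external payable { // plain transfers land here (the "fallback" path)
        require(msg.value >= TICKET, "too low"); // dust payment passes
        entry_number++;
        // Outcome depends only on state that is readable before the call.
        if (entry_number % 9 == 0) payable(msg.sender).transfer(address(this).balance);
    }
}

contract HardenedLottery {
    uint256 public constant TICKET = 0.01 ether; // unit written out, exact match enforced
    address public immutable operator;
    bytes32 public commitment; // keccak256(secret); the secret stays off-chain until draw
    uint256 public immutable closeBlock;
    address[] public players;

    constructor(bytes32 _commitment, uint256 blocksOpen) {
        operator = msg.sender;
        commitment = _commitment;
        closeBlock = block.number + blocksOpen;
    }

    receive() external payable {
        require(block.number < closeBlock, "entries closed");
        require(msg.value == TICKET, "wrong ticket price");
        players.push(msg.sender); // no outcome is decided at entry time
    }

    function draw(bytes32 secret) external {
        require(msg.sender == operator, "operator only");
        require(block.number >= closeBlock, "round still open");
        require(keccak256(abi.encodePacked(secret)) == commitment, "bad reveal");
        require(players.length > 0, "no players");
        uint256 i = uint256(keccak256(abi.encodePacked(secret, players.length))) % players.length;
        address winner = players[i];
        delete players;
        commitment = bytes32(0); // one draw per commitment
        payable(winner).transfer(address(this).balance);
    }
}
```

The hardened sketch still trusts the operator to reveal the secret and to stay out of its own rounds; a verifiable randomness oracle removes that trust assumption.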
References
- github.com/TEAM-C4B/CVE-LIST/tree/master/CVE-2018-17071 (NVD: Exploit, Third Party Advisory)