High severity7.5NVD Advisory· Published Oct 23, 2018· Updated Jun 17, 2026
CVE-2018-17877
CVE-2018-17877
Description
A lottery smart contract implementation for Greedy 599, an Ethereum gambling game, generates a random value that is predictable via an external contract call. The developer used the extcodesize() function to prevent a malicious contract from being called, but the attacker can bypass it by writing the core code in the constructor of their exploit code. Therefore, it allows attackers to always win and get rewards.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2Patches
Vulnerability mechanics
References
1- github.com/TEAM-C4B/CVE-LIST/tree/master/CVE-2018-17877nvdExploitThird Party Advisory
News mentions
0No linked articles in our index yet.