VYPR

CVE List

by Team C4b

CVEs (2)

  • CVE-2018-17071HigSep 18, 2018
    risk 0.49cvss 7.5epss 0.01

    The fallback function of a simple lottery smart contract implementation for Lucky9io, an Ethereum gambling game, generates a random value with the publicly readable variable entry_number. This variable is private, yet it is readable by eth.getStorageAt function. Also, attackers…

  • CVE-2018-15552HigSep 7, 2018
    risk 0.49cvss 7.5epss 0.01

    The "PayWinner" function of a simplelottery smart contract implementation for The Ethereum Lottery, an Ethereum gambling game, generates a random value with publicly readable variable "maxTickets" (which is private, yet predictable and readable by the eth.getStorageAt function).…