Описание
The "PayWinner" function of a simplelottery smart contract implementation for The Ethereum Lottery, an Ethereum gambling game, generates a random value with publicly readable variable "maxTickets" (which is private, yet predictable and readable by the eth.getStorageAt function). Therefore, it allows attackers to always win and get rewards.
Ссылки
- ExploitThird Party Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:theethereumlottery:the_ethereum_lottery:-:*:*:*:*:*:*:*
EPSS
Процентиль: 60%
0.00391
Низкий
7.5 High
CVSS3
5 Medium
CVSS2
Дефекты
CWE-338
Связанные уязвимости
CVSS3: 7.5
github
больше 3 лет назад
The "PayWinner" function of a simplelottery smart contract implementation for The Ethereum Lottery, an Ethereum gambling game, generates a random value with publicly readable variable "maxTickets" (which is private, yet predictable and readable by the eth.getStorageAt function). Therefore, it allows attackers to always win and get rewards.
EPSS
Процентиль: 60%
0.00391
Низкий
7.5 High
CVSS3
5 Medium
CVSS2
Дефекты
CWE-338