exploitDog

CVE-2018-17877

Опубликовано: 23 окт. 2018

Источник: nvd

CVSS3: 7.5

CVSS2: 5

EPSS Низкий

Описание

A lottery smart contract implementation for Greedy 599, an Ethereum gambling game, generates a random value that is predictable via an external contract call. The developer used the extcodesize() function to prevent a malicious contract from being called, but the attacker can bypass it by writing the core code in the constructor of their exploit code. Therefore, it allows attackers to always win and get rewards.

Ссылки

https://github.com/TEAM-C4B/CVE-LIST/tree/master/CVE-2018-17877
Exploit
Third Party Advisory
https://github.com/TEAM-C4B/CVE-LIST/tree/master/CVE-2018-17877
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:greedy599:greedy_599:-:*:*:*:*:*:*:*

EPSS

Процентиль: 54%

0.00316

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-338

Связанные уязвимости

GHSA-qp5m-38pc-fmj4

CVSS3: 7.5

github

больше 3 лет назад

A lottery smart contract implementation for Greedy 599, an Ethereum gambling game, generates a random value that is predictable via an external contract call. The developer used the extcodesize() function to prevent a malicious contract from being called, but the attacker can bypass it by writing the core code in the constructor of their exploit code. Therefore, it allows attackers to always win and get rewards.

EPSS

Процентиль: 54%

0.00316

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-338