exploitDog

CVE-2018-17968

Опубликовано: 23 окт. 2018

Источник: nvd

CVSS3: 7.5

CVSS2: 5

EPSS Низкий

Описание

A gambling smart contract implementation for RuletkaIo, an Ethereum gambling game, generates a random value that is predictable by an external contract call. The developer wrote a random() function that uses a block timestamp and block hash from the Ethereum blockchain. This can be predicted by writing the same random function code in an exploit contract to determine the deadSeat value.

Ссылки

https://github.com/TEAM-C4B/CVE-LIST/tree/master/CVE-2018-17968
Exploit
Third Party Advisory
https://github.com/TEAM-C4B/CVE-LIST/tree/master/CVE-2018-17968
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:ruletkaio:ruletkaio:-:*:*:*:*:*:*:*

EPSS

Процентиль: 54%

0.00316

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-338

Связанные уязвимости

GHSA-86g8-6g97-8fhv

CVSS3: 7.5

github

больше 3 лет назад

A gambling smart contract implementation for RuletkaIo, an Ethereum gambling game, generates a random value that is predictable by an external contract call. The developer wrote a random() function that uses a block timestamp and block hash from the Ethereum blockchain. This can be predicted by writing the same random function code in an exploit contract to determine the deadSeat value.

EPSS

Процентиль: 54%

0.00316

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-338

Уязвимость CVE-2018-17968