National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Contains Software Flaws (CVE)
  • CPE Product Version: cpe:/a:1000guess:1000_guess:-
There are 1 matching records.
Vuln ID Summary CVSS Severity
CVE-2018-12454

The _addguess function of a simplelottery smart contract implementation for 1000 Guess, an Ethereum gambling game, generates a random value with publicly readable variables such as the current block information and a private variable (which can be read with a getStorageAt call). Therefore, it allows attackers to always win and get rewards.

Published: June 17, 2018; 08:29:00 AM -04:00
V3.0: 7.5 HIGH
    V2: 5.0 MEDIUM