A lottery smart contract implementation for Greedy 599, an Ethereum gambling game, generates a random value that is predictable via an external contract call. The developer used the extcodesize() function to prevent a malicious contract from being called, but the attacker can bypass it by writing the core code in the constructor of their exploit code. Therefore, it allows attackers to always win and get rewards.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2018-10-23T21:00:00
Updated: 2024-08-05T11:01:14.502Z
Reserved: 2018-10-01T00:00:00
Link: CVE-2018-17877
Vulnrichment
No data.
NVD
Status : Modified
Published: 2018-10-23T21:30:53.657
Modified: 2024-11-21T03:55:07.163
Link: CVE-2018-17877
Redhat
No data.