Vulnerabilities > CVE-2018-15552 - Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in Theethereumlottery the Ethereum Lottery
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
HIGH Integrity impact
NONE Availability impact
NONE Summary
The "PayWinner" function of a simplelottery smart contract implementation for The Ethereum Lottery, an Ethereum gambling game, generates a random value with publicly readable variable "maxTickets" (which is private, yet predictable and readable by the eth.getStorageAt function). Therefore, it allows attackers to always win and get rewards.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |