CVE-2018-17968

A gambling smart contract implementation for RuletkaIo, an Ethereum gambling game, generates a random value that is predictable by an external contract call. The developer wrote a random() function that uses a block timestamp and block hash from the Ethereum blockchain. This can be predicted by writing the same random function code in an exploit contract to determine the deadSeat value.
PRNG
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 54%
VendorProductVersion
ruletkaioruletkaio
-
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://github.com/TEAM-C4B/CVE-LIST/tree/master/CVE-2018-17968
https://github.com/TEAM-C4B/CVE-LIST/tree/master/CVE-2018-17968