CVE-2018-14715

HIGH

cryptogs - Predictable Random Number Generation via Block Hash

Title source: llm

Description

The endCoinFlip function and throwSlammer function of the smart contract implementations for Cryptogs, an Ethereum game, generate random numbers with an old block's hash. Therefore, attackers can predict the random number and always win the game.

References (1)

Core 1

Core References

Various Sources x_refsource_misc

https://medium.com/%40jonghyk.song/attack-on-pseudo-random-number-generator-prng-used-in-cryptogs-an-ethereum-cve-2018-14715-f63a51ac2eb9

Scores

CVSS v3 7.5

EPSS 0.0125

EPSS Percentile 65.5%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE

CWE-338

Status published

Products (1)

cryptogs/cryptogs

Published Aug 03, 2018

Tracked Since Feb 18, 2026