CVE-2018-14715

HIGH

Cryptogs - Info Disclosure

Title source: llm

Description

The endCoinFlip function and throwSlammer function of the smart contract implementations for Cryptogs, an Ethereum game, generate random numbers with an old block's hash. Therefore, attackers can predict the random number and always win the game.

References (1)

[Various Sources] https://medium.com/%40jonghyk.song/attack-on-pseudo-random-number-generator-prng-used-in-cryptogs-an-ethereum-cve-2018-14715-f63a51ac2eb9

Scores

CVSS v3 7.5

EPSS 0.0037

EPSS Percentile 58.9%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE

CWE-338

Status published

Products (1)

cryptogs/cryptogs

Published Aug 03, 2018

Tracked Since Feb 18, 2026