CVE-2018-15552
HIGH
The Ethereum Lottery - Predictable Random Number Generation in PayWinner Function
Title source: llm
Description
The "PayWinner" function of a simplelottery smart contract implementation for The Ethereum Lottery, an Ethereum gambling game, generates a random value from the variable "maxTickets", which is declared private but is still predictable and readable through the eth.getStorageAt function. This allows attackers to always win and collect the rewards.
References (1)
Core References
Exploit, Third Party Advisory x_refsource_misc
https://github.com/TEAM-C4B/CVE-LIST/tree/master/CVE-2018-15552
Scores
CVSS v3
7.5
EPSS
0.0117
EPSS Percentile
63.1%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-338
Status
published
Products (1)
theethereumlottery/the_ethereum_lottery
Published
Sep 07, 2018
Tracked Since
Feb 18, 2026