CVE-2018-17877
HIGH
Greedy 599 - Predictable Random Value Generation via External Contract Call
Title source: llmDescription
A lottery smart contract implementation for Greedy 599, an Ethereum gambling game, generates a random value that is predictable via an external contract call. The developer used an extcodesize() check to keep malicious contracts from calling the game, but an attacker can bypass it by placing the core code in the constructor of the exploit contract, where extcodesize() still reports zero for the contract under construction. This allows attackers to always win and collect the rewards.
References (1)
Core References
Exploit, Third Party Advisory x_refsource_misc
https://github.com/TEAM-C4B/CVE-LIST/tree/master/CVE-2018-17877
Scores
CVSS v3
7.5
EPSS
0.0164
EPSS Percentile
73.2%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-338
Status
published
Products (1)
greedy599/greedy_599
Published
Oct 23, 2018
Tracked Since
Feb 18, 2026