CVE-2018-17968
HIGHRuletkaIo - Predictable Random Value Generation via Blockchain Timestamp and Hash
Title source: llmDescription
A gambling smart contract implementation for RuletkaIo, an Ethereum gambling game, generates a random value that is predictable by an external contract call. The developer wrote a random() function that uses a block timestamp and block hash from the Ethereum blockchain. This can be predicted by writing the same random function code in an exploit contract to determine the deadSeat value.
References (1)
Core 1
Core References
Exploit, Third Party Advisory x_refsource_misc
https://github.com/TEAM-C4B/CVE-LIST/tree/master/CVE-2018-17968
Scores
CVSS v3
7.5
EPSS
0.0121
EPSS Percentile
64.3%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-338
Status
published
Products (1)
ruletkaio/ruletkaio
Published
Oct 23, 2018
Tracked Since
Feb 18, 2026