CVE-2018-17968

HIGH

RuletkaIo - Info Disclosure

Title source: llm

Description

A gambling smart contract implementation for RuletkaIo, an Ethereum gambling game, generates a random value that is predictable by an external contract call. The developer wrote a random() function that uses a block timestamp and block hash from the Ethereum blockchain. This can be predicted by writing the same random function code in an exploit contract to determine the deadSeat value.

References (1)

[Exploit, Third Party Advisory] https://github.com/TEAM-C4B/CVE-LIST/tree/master/CVE-2018-17968

View Exploit ZIP pw:eip

Scores

CVSS v3 7.5

EPSS 0.0032

EPSS Percentile 54.7%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE

CWE-338

Status published

Products (1)

ruletkaio/ruletkaio

Published Oct 23, 2018

Tracked Since Feb 18, 2026