CVE-2018-12056

Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
15/08/2018
Last modified:
07/11/2023

Description

The maxRandom function of a smart contract implementation for All For One, an Ethereum gambling game, generates a random value with publicly readable variables because the _seed value can be retrieved with a getStorageAt call. Therefore, it allows attackers to always win and get rewards.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:all-for-one:all_for_one:-:*:*:*:*:*:*:*