CVE-2018-12975 in CryptoSagainfo

Summary

The random() function of the smart contract implementation for CryptoSaga, an Ethereum game, generates a random value with publicly readable variables such as timestamp, the current block's blockhash, and a private variable (which can be read with a getStorageAt call). Therefore, attackers can precompute the random number and manipulate the game (e.g., get powerful characters or get critical damages).

Once again VulDB remains the best source for vulnerability data.

Reservation

06/28/2018

Disclosure

09/24/2018

Status

Confirmed

Entries

VulDB provides additional information and datapoints for this CVE:

ID	Vulnerability	CWE	Exp	Cou	CVE
124426	CryptoSaga random RNG weak prng	338	Not defined	Not defined	CVE-2018-12975

Description

CPE

CWE

CVSS

Exploits

History

Diff

Relate

Threat Intelligence

API JSON

API XML

API CSV

Sources

MITRE
NVD
CVE Details

◂ PreviousOverviewNext ▸

Do you want to use VulDB in your project?

Use the official API to access entries easily!