CVE-2018-17877 in Greedy 599
Summary
by MITRE
A lottery smart contract implementation for Greedy 599, an Ethereum gambling game, generates a random value that is predictable via an external contract call. The developer used the extcodesize() function to prevent a malicious contract from being called, but the attacker can bypass it by writing the core code in the constructor of their exploit code. Therefore, it allows attackers to always win and get rewards.
Analysis
by VulDB Data Team • 04/06/2020
The vulnerability identified in CVE-2018-17877 represents a critical flaw in the random number generation mechanism of a smart contract implementation for the Ethereum-based gambling platform Greedy 599. This vulnerability stems from a fundamental misunderstanding of how blockchain randomness can be properly secured, creating a scenario where attackers can predict and manipulate outcomes to their advantage. The random value the smart contract generates for its gambling operations can be predicted via an external contract call, and the check intended to keep such contracts out contains a critical design flaw that undermines the security model.
The technical flaw lies in the contract's reliance on the extcodesize() function as a security measure to prevent malicious contract interactions. This function returns the size of the code stored at a given address, and a result of zero is treated as a sign that no contract is involved. However, attackers bypassed this mechanism by placing their core code in the constructor of their exploit contract. The constructor executes before the contract is fully deployed: while it runs, no runtime code has yet been stored at the contract's address, so extcodesize() returns zero and calls made from the constructor are not detected by the check. This bypass demonstrates a sophisticated understanding of Ethereum's execution model and contract lifecycle management, leveraging the platform's specific behaviors to circumvent the security controls.
The operational impact of this vulnerability is severe and directly affects the integrity of the gambling platform's core functionality. Attackers can predict the random numbers generated by the smart contract implementation, enabling them to always win their bets and systematically extract rewards from the platform. This creates a situation where the entire economic model of the gambling game becomes compromised, as the randomness that should be unpredictable becomes entirely controllable by malicious actors. The vulnerability essentially transforms a probabilistic gaming system into a deterministic one that attackers can exploit for financial gain, undermining the fundamental trust and fairness that users expect from such platforms.
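The lifecycle behaviour described above, as an added Python model that is not Greedy 599's code or VulDB's: the names Chain, draw, play and audit_guard and all values are constructed for illustration. It shows a code-size check reading zero while a constructor runs, and a draw built only from same-transaction data being recomputable by the caller.

```python
import hashlib

class Chain:
    """Toy model of EVM account code storage (only the part relevant here)."""
    def __init__(self, block_number, timestamp):
        self.block_number, self.timestamp = block_number, timestamp
        self.code = {}  # address -> stored runtime code

    def ext_code_size(self, addr):
        return len(self.code.get(addr, b""))

    def create(self, addr, constructor, runtime_code):
        # The constructor runs first; runtime code is stored only after it returns.
        result = constructor(self, addr)
        self.code[addr] = runtime_code
        return result

def draw(chain, player):
    # Hypothetical "random" value built only from data every caller can read
    # in the same transaction, so any caller can recompute it.
    seed = f"{chain.block_number}:{chain.timestamp}:{player}".encode()
    return int.from_bytes(hashlib.sha256(seed).digest(), "big") % 100

def play(chain, sender):
    # Hypothetical game entry point guarded by the code-size check.
    if chain.ext_code_size(sender) != 0:
        return None  # caller has stored code: rejected
    return draw(chain, sender)

def audit_guard():
    chain = Chain(block_number=6_400_000, timestamp=1_538_000_000)  # constructed values
    seen = {}

    def constructor(c, self_addr):
        seen["size"] = c.ext_code_size(self_addr)   # nothing stored yet
        seen["recomputed"] = draw(c, self_addr)     # same inputs the game uses
        return play(c, self_addr)

    in_ctor = chain.create("0xC0DE", constructor, b"\x60\x00\x60\x00")
    return {
        "eoa_accepted": play(chain, "0xE0A") is not None,
        "deployed_contract_accepted": play(chain, "0xC0DE") is not None,
        "constructor_call_accepted": in_ctor is not None,
        "size_seen_in_constructor": seen["size"],
        "draw_known_to_caller": in_ctor == seen["recomputed"],
    }

if __name__ == "__main__":
    print(audit_guard())
```

The guard rejects the same address once its code is stored, which is why a review that only tests already-deployed callers will not surface the gap.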
The vulnerability aligns with CWE-330 Use of Insufficiently Random Values, which specifically addresses the use of weak randomness in security-sensitive contexts. It also maps to ATT&CK technique T1059.006 Command and Scripting Interpreter: Python, as attackers likely used scripting languages to develop their exploit code, and T1210 Exploitation of Remote Services, since the vulnerability exists in a remote smart contract that can be exploited through external calls. The implementation fails to meet basic security requirements for cryptographic randomness in blockchain environments, as outlined in the Ethereum Smart Contract Security Best Practices guidelines. Organizations should implement robust randomness generation using verifiable random functions or blockchain-based entropy sources that cannot be manipulated by attackers. The incident underscores the importance of thorough security auditing of smart contracts, particularly those handling financial transactions and gambling operations, as well as the need for understanding the specific execution characteristics of blockchain platforms when designing security controls.
This vulnerability demonstrates the critical importance of understanding blockchain-specific attack vectors and the potential for seemingly simple security measures to be bypassed through sophisticated exploitation techniques. The flaw represents a failure in the security design phase, where the developers did not fully consider all possible attack surfaces and execution paths within the Ethereum virtual machine. The incident serves as a cautionary example for smart contract developers and auditors, emphasizing that security controls must account for the unique properties and behaviors of blockchain platforms rather than relying on traditional security assumptions. Proper implementation of cryptographic randomness in smart contracts requires careful consideration of the underlying platform's execution model and the potential for code manipulation during contract deployment phases.