CVE-2018-12885

The randMod() function of the smart contract implementation for MyCryptoChamp, an Ethereum game, generates a random value with publicly readable variables such as the current block information and a private variable, (which can be read with a getStorageAt call). Therefore, attackers can get powerful champs/items and get rewards.
Configurations

Configuration 1 (hide)

cpe:2.3:a:mycryptochamp:mycryptochamp:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2018-08-07 15:29

Updated : 2024-02-28 16:48


NVD link : CVE-2018-12885

Mitre link : CVE-2018-12885

CVE.ORG link : CVE-2018-12885


JSON object : View

Products Affected

mycryptochamp

  • mycryptochamp
CWE
CWE-338

Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)