CVE-2018-12056 (all_for_one)
-
The maxRandom function of a smart contract implementation for All For One, an Ethereum gambling game, generates a random value with publicly readable variables because the _seed value can be retrieved with a getStorageAt call. Therefore, it allows attackers to always win and get rewards.
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-12056
© Lightnetics 2024