Vulnerability Details CVE-2018-17968
A gambling smart contract implementation for RuletkaIo, an Ethereum gambling game, generates a random value that is predictable by an external contract call. The developer wrote a random() function that uses a block timestamp and block hash from the Ethereum blockchain. This can be predicted by writing the same random function code in an exploit contract to determine the deadSeat value.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.012
EPSS Ranking 64.4%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 5.0
References