cvedb.io
CVE-2018-15552
HIGH · CVSS 7.5
EPSS exploitation probability: 0%
Published 2018-09-07T22:29:01.617 · Last modified 2026-06-17T01:42:44.183

Summary

The "PayWinner" function of a simplelottery smart contract implementation for The Ethereum Lottery, an Ethereum gambling game, generates a random value with publicly readable variable "maxTickets" (which is private, yet predictable and readable by the eth.getStorageAt function). Therefore, it allows attackers to always win and get rewards.

Affected products

theethereumlottery — the_ethereum_lottery

Does this affect you?

Add your gear to cvedb and we'll alert you only when theethereumlottery ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.