CVE-2018-14715: Weak RNG
First published: Fri Aug 03 2018(Updated: )
The endCoinFlip function and throwSlammer function of the smart contract implementations for Cryptogs, an Ethereum game, generate random numbers with an old block's hash. Therefore, attackers can predict the random number and always win the game.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Libmcrypt |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2018-14715?
CVE-2018-14715 is classified as a high severity vulnerability due to its potential to allow attackers to predict game outcomes.
How do I fix CVE-2018-14715?
To fix CVE-2018-14715, update the smart contracts to use a secure random number generation method instead of relying on old block hashes.
What type of applications are affected by CVE-2018-14715?
CVE-2018-14715 specifically affects Ethereum-based smart contracts, particularly those used in games like Cryptogs.
What can attackers do with CVE-2018-14715?
Attackers can exploit CVE-2018-14715 to predict random numbers generated in the game, allowing them to manipulate outcomes in their favor.
When was CVE-2018-14715 discovered?
CVE-2018-14715 was reported in 2018, drawing attention to vulnerabilities in pseudo-random number generation in smart contracts.
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/references
- agent/author
- agent/description
- agent/first-publish-date
- agent/last-modified-date
- agent/weakness
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/cryptogs
- canonical/libmcrypt