CVE-2018-17877 Mappings

A lottery smart contract implementation for Greedy 599, an Ethereum gambling game, generates a random value that is predictable via an external contract call. The developer used the extcodesize() function to prevent a malicious contract from being called, but the attacker can bypass it by writing the core code in the constructor of their exploit code. Therefore, it allows attackers to always win and get rewards.

Mappings

| Capability ID | Capability Description | Mapping Type | ATT&CK ID | ATT&CK Name |
| --- | --- | --- | --- | --- |
| CVE-2018-17877 | n/a | uncategorized | T0828 | Loss of Productivity and Revenue |
| CVE-2018-17877 | n/a | uncategorized | T1565 | Data Manipulation |