The randMod() function of the smart contract implementation for MyCryptoChamp, an Ethereum game, generates a random value with publicly readable variables such as the current block information and a private variable, (which can be read with a getStorageAt call). Therefore, attackers can get powerful champs/items and get rewards.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-338,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| mycryptochamp | mycryptochamp | - |