GovernMental unpredictable state

ID: 1
Submit date: 10.26.2018
Publish date: 10.26.2018
Author:
Score: 8.0

Description

In this case, the attacker is a miner who also impersonates a player. Being a miner, she can choose not to include in blocks the transactions directed to GovernMental, except for her own, in order to be the last player in the round. Furthermore, the attacker can reorder the transactions so that her own appears first: by playing first and choosing a suitable amount of ether to invest, she can prevent other players from joining the scheme (line 14), and so end up as the last player in the round. This attack exploits the “unpredictable state” vulnerability, since players cannot be sure that, when they publish a transaction to join the scheme, the invested ether will be enough to make this operation succeed.

Vector: BVSS:1.1/B:N/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H/CI:N/II:H/AI:H
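The ordering dependence in the description can be checked with a small model that replays the same pending joins in every order and reports which senders cannot predict their outcome. This is an added example, not code from this entry or from the GovernMental contract; the join rule (a join needs at least half the current jackpot, and half of each accepted investment is added to it), the function names and the sample transactions are assumptions made for illustration.

```python
from itertools import permutations

# Assumed model of the join rule (the contract source is not on this page):
# a join succeeds only if value >= jackpot / 2; a successful join adds half
# of its value to the jackpot and makes the sender the last player.
def apply_joins(jackpot, txs):
    """Apply (sender, value) joins in the given order.

    Returns (accepted senders, last player, final jackpot)."""
    accepted, last = [], None
    for sender, value in txs:
        if 2 * value < jackpot:   # the check the description refers to as "line 14"
            continue              # rejected: the state changed before this tx ran
        jackpot += value // 2
        accepted.append(sender)
        last = sender
    return accepted, last, jackpot


def order_dependent_senders(jackpot, txs):
    """Senders whose join succeeds under some orderings and fails under others."""
    outcomes = {sender: set() for sender, _ in txs}
    for order in permutations(txs):
        accepted, _, _ = apply_joins(jackpot, order)
        for sender, _ in order:
            outcomes[sender].add(sender in accepted)
    return sorted(s for s, seen in outcomes.items() if len(seen) == 2)


# Constructed sample: integer units, starting jackpot of 100.
START_JACKPOT = 100
PENDING = [("alice", 56), ("bob", 60), ("miner", 400)]

if __name__ == "__main__":
    for order in permutations(PENDING):
        accepted, last, final = apply_joins(START_JACKPOT, order)
        names = [s for s, _ in order]
        print(f"order={names} accepted={accepted} last={last} jackpot={final}")
    print("order-dependent:", order_dependent_senders(START_JACKPOT, PENDING))
```

In this sample every ordering leaves the same sender as last player, while the other two joins succeed or fail purely according to their position in the block.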

Component

Smart contract

Platform

Ethereum

Subclass

Unpredictable state
