
OpenAddressLottery Honey Pot

ID: 1
Submit date: 10.26.2018
Publish date: 10.26.2018
Author:
Score: 9.4

Description

Compiling the contract's code (see Original source) with the Solidity compiler produces an "Uninitialized storage pointer" warning. Local struct variables default to being located in storage, not memory, and s is never assigned, so it points to address 0 of the contract's storage, which happens to be where some important state variables live. (Solidity lays out statically sized state variables in storage in the order in which they appear in the code, starting at address 0.)

LuckyNumber is therefore overwritten with tx.gasprice * 7. No one can win the lottery: luckyNumberOfAddress is computed modulo 8, but the new value in LuckyNumber will be greater than 7.

(Note that address owner is overwritten by msg.sender from forceReseed, which is the same address.)
Vector: BVSS:1.1/B:S/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H/CI:N/II:H/AI:H
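
The overwrite described above can be traced with a small storage model. This is an added example, not the contract's own code: the slot layout, the placeholder names var1 and var2, the four-field struct, the owner check and the initial LuckyNumber of 7 are assumptions, and all addresses and values are constructed.

```python
# Toy model of pre-0.5.0 Solidity storage (added example, not the contract's code).
# ASSUMED: only `owner` and `LuckyNumber` are named on the page; `var1`/`var2` are
# placeholders, and the struct is assumed to hold four word-sized fields.
STATE_VARS = ["owner", "var1", "var2", "LuckyNumber"]   # declaration order
SLOT = {name: i for i, name in enumerate(STATE_VARS)}   # static vars start at slot 0
WORD = 2**256


class StoragePointer:
    """Struct reference located in storage: field i lives at slot base + i."""

    def __init__(self, storage, base=0):   # never assigned => base stays 0
        self.storage, self.base = storage, base

    def write(self, field, value):
        self.storage[self.base + field] = value % WORD


def deploy(owner):
    storage = dict.fromkeys(range(len(STATE_VARS)), 0)
    storage[SLOT["owner"]] = owner
    storage[SLOT["LuckyNumber"]] = 7       # assumed initial value
    return storage


def force_reseed(storage, msg_sender, gas_price):
    """forceReseed as the page describes it; the owner check is assumed."""
    if msg_sender != storage[SLOT["owner"]]:
        raise PermissionError("caller is not the owner")
    s = StoragePointer(storage)            # uninitialized struct variable `s`
    s.write(0, msg_sender)                 # overwrites owner with the same address
    s.write(1, 0xAAAA)                     # constructed stand-in values
    s.write(2, 0xBBBB)
    s.write(3, gas_price * 7)              # overwrites LuckyNumber


def clobbered(before, after):
    """Names of state variables whose slot changed across the call."""
    return [n for n in STATE_VARS if before[SLOT[n]] != after[SLOT[n]]]


def winnable(storage):
    """luckyNumberOfAddress is taken modulo 8, so only 0..7 can ever match."""
    return storage[SLOT["LuckyNumber"]] < 8


if __name__ == "__main__":
    OWNER = 0x1111                         # constructed address
    st = deploy(OWNER)
    before = dict(st)
    force_reseed(st, OWNER, gas_price=10**9)   # 1 gwei, constructed
    print(clobbered(before, st), winnable(before), winnable(st))
```

The owner slot is rewritten with an identical value, so it does not show up as changed, while LuckyNumber leaves the 0..7 range for any gas price of 2 wei or more.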

Original source

https://etherscan.io/address/0x741f1923974464efd0aa70e77800ba5d9ed18902#code
