CVE-2018-13877 Information

Description

The doPayouts() function of the smart contract implementation for MegaCryptoPolis, an Ethereum game, has a Denial of Service vulnerability. If a smart contract whose fallback function always throws an exception buys a land, users cannot buy lands near that contract's land, because those purchase attempts will not complete unless the doPayouts() function successfully sends Ether to certain neighbors.

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Reference

https://medium.com/coinmonks/denial-of-service-dos-attack-on-megacryptopolis-an-ethereum-game-cve-2018-13877-cdd7f7ef8b08

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

Base Score

7.5

Base Severity

HIGH
