Denial of Service Vulnerability in MegaCryptoPolis Smart Contract: Land Purchase Interference

Denial of Service Vulnerability in MegaCryptoPolis Smart Contract: Land Purchase Interference

CVE-2018-13877 · MEDIUM Severity

AV:N/AC:L/AU:N/C:N/I:N/A:P

The doPayouts() function of the smart contract implementation for MegaCryptoPolis, an Ethereum game, has a Denial of Service vulnerability. If a smart contract that has a fallback function always causing exceptions buys a land, users cannot buy lands near that contract's land, because those purchase attempts will not be completed unless the doPayouts() function successfully sends Ether to certain neighbors.

Learn more about our User Device Pen Test.