CVE-2021-33403 – Lancer Token Ethereum ERC20 Token integer overflow (4-8-2021)

Preface: As of 4 Aug 2021 there are 8,106 unique holders of Lancer Token (LNC), holding a total of 151,377,339.14 LNC.

Background: ERC-20 is the most widely used token standard on Ethereum; ERC-20 tokens are smart contracts deployed on the Ethereum network. As of October 2019, more than 200,000 ERC-20-compatible token contracts existed on Ethereum’s main network.

Vulnerability Details: An integer overflow in the transfer function of the Lancer Token smart contract (an Ethereum ERC20 token) allows the owner to cause unexpected financial losses between two large accounts during a transaction.

Explanation: The attacker was able to pass a combination of input values whose arithmetic result is larger than the maximum value a uint256 can hold. The EVM does not trap on overflow: only the least significant 256 bits of the result are retained, so once the variable passes its maximum value it wraps around and starts again from 0. For example, a uint8 (8-bit unsigned integer) can represent at most 2^8 − 1 = 255 (0xff). Multiplying 0x02 by 0x80 gives 0x100, which does not fit in 8 bits, so the stored result is 0x00 (0x02 * 0x80 = 0x100 => 0x00). Solidity contracts compiled with versions before 0.8.0 wrap silently in this way unless the arithmetic is guarded (for example with a SafeMath-style require); from 0.8.0 onward, checked arithmetic reverts the transaction instead.
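The following Python model is an added example (it is not the Lancer Token contract and not taken from the advisory) that reproduces the wrap-around behaviour described above: fixed-width unsigned arithmetic is emulated by masking to the low bits, the uint8 case from the text is checked, and an illustrative unchecked ERC20-style transfer is compared with a SafeMath-style checked one. The functions transfer_unchecked, transfer_checked and supply_conserved, and the two-account starting state, are assumptions constructed for the demonstration; the vulnerable pattern shown (crediting the recipient with wrapping addition) is a generic one and is not claimed to be Lancer's exact code.

```python
"""Model of EVM-style unsigned fixed-width arithmetic (wrap on overflow, as in
Solidity < 0.8.0) and its effect on an ERC20-style transfer.
Added example; not the Lancer Token contract source."""

UINT8_MAX = 2 ** 8 - 1
UINT256_MAX = 2 ** 256 - 1


def wrap(value: int, bits: int = 256) -> int:
    """Keep only the low `bits` bits of `value`, which is what the EVM does
    when an ADD or MUL result does not fit the operand width."""
    return value & ((1 << bits) - 1)


def transfer_unchecked(balances: dict, sender: str, to: str, value: int) -> bool:
    """Illustrative vulnerable transfer (assumed pattern, not Lancer's source):
    the sender's balance is checked, but the recipient's new balance is
    computed with wrapping addition and never validated."""
    if balances.get(sender, 0) < value:
        return False
    balances[sender] = wrap(balances[sender] - value)
    balances[to] = wrap(balances.get(to, 0) + value)  # may wrap past UINT256_MAX
    return True


def transfer_checked(balances: dict, sender: str, to: str, value: int) -> bool:
    """Hardened transfer: the SafeMath-style post-condition (c >= a) rejects a
    wrapped result; Solidity >= 0.8.0 checked arithmetic reverts the same way."""
    if balances.get(sender, 0) < value:
        return False
    new_to = balances.get(to, 0) + value
    if new_to > UINT256_MAX:  # equivalent to require(c >= a) in SafeMath.add
        raise OverflowError("recipient balance would overflow uint256")
    balances[sender] -= value
    balances[to] = new_to
    return True


def supply_conserved(before: dict, after: dict) -> bool:
    """Invariant every plain transfer must preserve: sum of balances unchanged."""
    return sum(before.values()) == sum(after.values())


def starting_state() -> dict:
    """Constructed state: two large accounts whose balances together exceed
    uint256, so crediting one from the other can wrap."""
    return {"alice": UINT256_MAX - 10, "bob": 100}


def run_vulnerable() -> tuple:
    """bob sends 20 to alice; alice's balance wraps from 2**256 - 11 to 9."""
    before = starting_state()
    after = dict(before)
    ok = transfer_unchecked(after, "bob", "alice", 20)
    return ok, after, supply_conserved(before, after)


def run_hardened() -> tuple:
    """Same transfer through the checked path: it is rejected, state untouched."""
    before = starting_state()
    after = dict(before)
    try:
        transfer_checked(after, "bob", "alice", 20)
        rejected = False
    except OverflowError:
        rejected = True
    return rejected, after, supply_conserved(before, after)


if __name__ == "__main__":
    print("uint8: 0x02 * 0x80 ->", hex(wrap(0x02 * 0x80, 8)))
    print("vulnerable:", run_vulnerable())
    print("hardened:", run_hardened())
```

The vulnerable path returns True and leaves alice with 9 LNC-equivalent units while bob lost 20, so the total of all balances drops by 2**256; the checked path raises and leaves both balances as they were. The supply_conserved invariant is the kind of post-condition a test suite or formal check should assert after every transfer.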

Reference article: Please refer to the following link – https://nvd.nist.gov/vuln/detail/CVE-2021-33403
