Quote:
Attacker passes int greater than max (positive)
–> value wraps around to the min (negative!)
Can cause unexpected program behavior, possible buffer overflow exploits
The existing market cap of Ether (ETH) is more than Ripple and Litecoin, although it’s far behind Bitcoin (BTC). Ethereum contains potential market power. But integer overflow is the enemy of Ethereum. It is possible to scare the investor when related incident occurs.
What is the modulus in math?
Notice that the numbers on the clock go up to twelve, and then they start over.
In mathematics, this circular counting is called modular arithmetic, and the number 12 in this example is called a modulus.
Above theory bring an idea that when modulus reach limit then it will reset to zero.
For instance, the owner of the smartcontract could set sellPrice
and buyPrice
using setPrices()
function. For example, after some transactions, the owner could set sellPrice to 0x8000000000000000000000000000000000000000000000000000000000000000 (modulus). When some user wanted to sell 2 ETCBKs for ETHs back,amount * sellPrice
equals 0. Thus the seller gave out 2 ETCBKs but none ETHs was retrieved. The contract still kept it, which makes this token unsafe. An overflow condition gives incorrect results and, particularly if the possibility has not been anticipated, can compromise a program’s reliability and security.
Theoretically, the programming language contain “Safe Math” can protect integer overflow/underflow won’t happen.
Below table of contents displayed the Integer overflow handling status in various programming languages.
Integer overflow handling in various programming languages Language |
Unsigned integer | Signed integer |
Ada | modulo the type’s modulus | raise Constraint_Error |
C/C++ | modulo power of two | undefined behavior |
C# | modulo power of 2 in unchecked context; System.OverflowException is raised in checked cont | |
Java | N/A | modulo power of two |
JavaScript | all numbers are double-precision floating-point | |
MATLAB | Builtin integers saturate. Fixed-point integers configurable to wrap or saturate | |
Python 2 | N/A | convert to long type (bigint) |
Seed7 | N/A | raise OVERFLOW_ERROR |
Scheme | N/A | convert to bigNum |
Simulink | configurable to wrap or saturate | |
Smalltalk | N/A | convert to LargeInteger |
Swift | Causes error unless using special overflow operato |
This could happen whenever you are doing arithmetic operations such as + , – , * . When using the SafeMath library, the results of this operations will be checked and an error will be thrown stopping the execution of your smart contract.
Solidity can doing the magic
With Solidity feature, you can call the public functions defined by your library. The SafeMath library to protect from inputs that could make your contract do unexpected things after overflow or underflow leading arithmetic operations.
Perhaps former cryptocurrency not used Solidity library and there it is possible let attacker conduct the integer overflow attacks. Below is the most update CVE status on Jul 2018.
ethereum — aichain_token | The mintToken function of a smart contract implementation for AIChain, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | CVE-2018-13175 | https://github.com/BlockChainsSecurity/EtherTokens/tree/master/AIChain |
ethereum — air-contact_token | The mintToken function of a smart contract implementation for Air-Contact Token (AIR), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | CVE-2018-13179 | https://github.com/BlockChainsSecurity/EtherTokens/tree/master/AirContactToken |
ethereum — alex_token | The mintToken function of a smart contract implementation for ALEX, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | CVE-2018-13162 | https://github.com/BlockChainsSecurity/EtherTokens/tree/master/ALEX%20%28ALEX%29 |
ethereum — appcoins_token | The mintToken function of a smart contract implementation for appcoins (APPC), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | CVE-2018-13185 | https://github.com/BlockChainsSecurity/EtherTokens/tree/master/appcoins |
ethereum — assettoken | The mintToken function of a smart contract implementation for AssetToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | CVE-2018-13158 | https://github.com/BlockChainsSecurity/EtherTokens/tree/master/AssetToken |
ethereum — athleticoin_token | The mintToken function of a smart contract implementation for AthletiCoin (ATHA), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | CVE-2018-13166 | https://github.com/BlockChainsSecurity/EtherTokens/tree/master/AthletiCoin |
ethereum — atlant_token | ATLANT (ATL) is a smart contract running on Ethereum. The mint function has an integer overflow that allows minted tokens to be arbitrarily retrieved by the contract owner. | CVE-2018-11429 | https://github.com/dwfault/AirTokens/tree/master/ATLANT |
ethereum — azuriontoken | The mintToken function of a smart contract implementation for AzurionToken (AZU), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | CVE-2018-13068 | https://github.com/VenusADLab/EtherTokens/blob/master/AzurionToken/AzurionToken.md |
ethereum — bankcoin_token | The mintToken function of a smart contract implementation for bankcoin (BNK), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | CVE-2018-13159 | https://github.com/BlockChainsSecurity/EtherTokens/tree/master/bankcoin |
ethereum — betcash_token | The mintToken function of a smart contract implementation for Betcash (BC), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | CVE-2018-13076 | https://github.com/VenusADLab/EtherTokens/blob/master/Betcash/Betcash.md |
ethereum — bitotal_token | Bitotal (TFUND) is a smart contract running on Ethereum. The mintTokens function has an integer overflow that allows minted tokens to be arbitrarily retrieved by the contract owner. | CVE-2018-13130 | https://github.com/dwfault/AirTokens/tree/master/Bitotal |
ethereum — bittelux_token | The transfer and transferFrom functions of a smart contract implementation for Bittelux (BTX), an Ethereum token, have an integer overflow. | CVE-2018-13326 | https://github.com/safecomet/EtherTokens/blob/master/Bittelux%20%28BTX%29/Bittelux%20%28BTX%29.md |
ethereum — bonustoken | The mintToken function of a smart contract implementation for bonusToken (BNS), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | CVE-2018-13156 | https://github.com/BlockChainsSecurity/EtherTokens/tree/master/bonusToken |
ethereum — bzxcoin_token | The mintToken function of a smart contract implementation for bzxcoin (BZX), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | CVE-2018-13172 | https://github.com/BlockChainsSecurity/EtherTokens/tree/master/bzxcoin |
ethereum — carbon_exchange_coin_token | The mintToken function of a smart contract implementation for Carbon Exchange Coin Token (CEC), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | CVE-2018-13075 | https://github.com/VenusADLab/EtherTokens/blob/master/CarbonExchangeCoinToken/CarbonExchangeCoinToken.md |
ethereum — ccindex10_token | The mintToken function of a smart contract implementation for CCindex10 (T10), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | CVE-2018-13071 | https://github.com/VenusADLab/EtherTokens/blob/master/CCindexToken/CCindexToken.md |
ethereum — chuchulingaigo_token | The transfer and transferFrom functions of a smart contract implementation for ChuCunLingAIGO (CCLAG), an Ethereum token, have an integer overflow. | CVE-2018-13327 | https://github.com/safecomet/EtherTokens/blob/master/ChuCunLingAIGO%20%28CCLAG%29/ChuCunLingAIGO%20%28CCLAG%29.md |
ethereum — cibn_live_token | The mintToken function of a smart contract implementation for CIBN Live Token (CIBN LIVE), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | CVE-2018-13187 | https://github.com/BlockChainsSecurity/EtherTokens/tree/master/CIBNLiveInteractiveToken |
ethereum — coffeecoin_token | The mintToken function of a smart contract implementation for Coffeecoin (COFFEE), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | CVE-2018-13072 | https://github.com/VenusADLab/EtherTokens/blob/master/Coffeecoin/Coffeecoin.md |
ethereum — coinstar_token | The mintToken function of a smart contract implementation for Coinstar (CSTR), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | CVE-2018-13087 | https://github.com/VenusADLab/EtherTokens/blob/master/MyAdvancedToken/MyAdvancedToken.md |
ethereum — cointoken | The sell function of a smart contract implementation for CoinToken, an Ethereum token, has an integer overflow in which “amount * sellPrice” can be zero, consequently reducing a seller’s assets. | CVE-2018-13217 | https://github.com/BlockChainsSecurity/EtherTokens/tree/master/CoinToken |
ethereum — cranoo_token | The mintToken function of a smart contract implementation for Cranoo (CRN), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | CVE-2018-13195 | https://github.com/BlockChainsSecurity/EtherTokens/tree/master/CranooAdvanced |
ethereum — crowdnext_token | The sell function of a smart contract implementation for Crowdnext (CNX), an Ethereum token, has an integer overflow in which “amount * sellPrice” can be zero, consequently reducing a seller’s assets. | CVE-2018-13228 | https://github.com/BlockChainsSecurity/EtherTokens/tree/master/Crowdnext |
ethereum — cryptoabs_token | The mintToken function of a smart contract implementation for CryptoABS (ABS), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | CVE-2018-13174 | https://github.com/BlockChainsSecurity/EtherTokens/tree/master/CryptoABS |
ethereum — cryptonitexcoin_token | The mintToken function of a smart contract implementation for CryptonitexCoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | CVE-2018-13157 | https://github.com/BlockChainsSecurity/EtherTokens/tree/master/CryptonitexCoin |
ethereum — ctb_token | The mintToken function of a smart contract implementation for CTB, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | CVE-2018-13077 | https://github.com/VenusADLab/EtherTokens/blob/master/CTB/CTB.md |
ethereum — dateme_token | The sell function of a smart contract implementation for DateMe (DMX) (Contract Name: ProgressiveToken), an Ethereum token, has an integer overflow in which “amount * sellPrice” can be zero, consequently reducing a seller’s assets. | CVE-2018-13200 | https://github.com/BlockChainsSecurity/EtherTokens/tree/master/ProgressiveToken |
ethereum — destineed_token | The sell function of a smart contract implementation for DestiNeed (DSN), an Ethereum token, has an integer overflow in which “amount * sellPrice” can be zero, consequently reducing a seller’s assets. | CVE-2018-13230 | https://github.com/BlockChainsSecurity/EtherTokens/tree/master/DestiNeedToken |
ethereum — dvchain_token | The mintToken function of a smart contract implementation for DVChain, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | CVE-2018-13190 | https://github.com/BlockChainsSecurity/EtherTokens/tree/master/DVChain |
ethereum — dychain_token | The mintToken function of a smart contract implementation for DYchain (DYC), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | CVE-2018-13069 | https://github.com/VenusADLab/EtherTokens/blob/master/DYC/DYC.md |
ethereum — easy_trading_token | The transfer and transferFrom functions of a smart contract implementation for Easy Trading Token (ETT), an Ethereum token, have an integer overflow. | CVE-2018-13113 | https://github.com/safecomet/EtherTokens/tree/master/Easy%20Trading%20Token%20%28ETT%29 |
ethereum — ectoints_token | The mintToken function of a smart contract implementation for ECToints (ECT) (Contract Name: ECPoints), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | CVE-2018-13178 | https://github.com/BlockChainsSecurity/EtherTokens/tree/master/ECPoints |
ethereum — eliteshippertoken | The mintToken function of a smart contract implementation for EliteShipperToken (ESHIP), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | CVE-2018-13173 | https://github.com/BlockChainsSecurity/EtherTokens/tree/master/EliteShipperToken |
ethereum — encryptedtoken | The mintToken function of a smart contract implementation for EncryptedToken (ECC), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | CVE-2018-13070 | https://github.com/VenusADLab/EtherTokens/blob/master/EncryptedToken/EncryptedToken.md |
ethereum — enter_token | The sell function of a smart contract implementation for ENTER (ENTR) (Contract Name: EnterToken), an Ethereum token, has an integer overflow in which “amount * sellPrice” can be zero, consequently reducing a seller’s assets. | CVE-2018-13231 | https://github.com/BlockChainsSecurity/EtherTokens/tree/master/EnterToken |
ethereum — enter_token | The sell function of a smart contract implementation for ENTER (ENTR) (Contract Name: EnterCoin), an Ethereum token, has an integer overflow in which “amount * sellPrice” can be zero, consequently reducing a seller’s assets. | CVE-2018-13232 | https://github.com/BlockChainsSecurity/EtherTokens/tree/master/EnterCoin |
ethereum — eppcoin_token | The mintToken function of a smart contract implementation for EPPCOIN (EPP), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | CVE-2018-13164 | https://github.com/BlockChainsSecurity/EtherTokens/tree/master/MyEPPToken |
ethereum — ethercash_token | The sell function of a smart contract implementation for ETHERCASH (ETC), an Ethereum token, has an integer overflow in which “amount * sellPrice” can be zero, consequently reducing a seller’s assets. | CVE-2018-13204 | https://github.com/BlockChainsSecurity/EtherTokens/tree/master/ETHERCASH |
ethereum — ethereum_cash_pro_token | The mintToken function of a smart contract implementation for Ethereum Cash Pro (ECP), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | CVE-2018-13169 | https://github.com/BlockChainsSecurity/EtherTokens/tree/master/Ethereum_Cash_Pro_Coin |
ethereum — ethereumblack_token | The mintToken function of a smart contract implementation for ETHEREUMBLACK (ETCBK), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | CVE-2018-13073 | https://github.com/VenusADLab/EtherTokens/blob/master/ETHEREUMBLACK/ETHEREUMBLACK.md |
ethereum — ethereumblack_token | The sell function of a smart contract implementation for ETHEREUMBLACK (ETCBK), an Ethereum token, has an integer overflow in which “amount * sellPrice” can be zero, consequently reducing a seller’s assets. | CVE-2018-13199 | https://github.com/BlockChainsSecurity/EtherTokens/blob/master/ETHEREUMBLACK/sell%20integer%20overflow.md |
ethereum — ethereumlegit_token | The sell function of a smart contract implementation for EthereumLegit, an Ethereum token, has an integer overflow in which “amount * sellPrice” can be zero, consequently reducing a seller’s assets. | CVE-2018-13212 | https://github.com/BlockChainsSecurity/EtherTokens/tree/master/EthereumLegit |
ethereum — ethernet_cash_token | The mintToken function of a smart contract implementation for Ethernet Cash (ENC), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | CVE-2018-13163 | https://github.com/BlockChainsSecurity/EtherTokens/tree/master/Ethernet%20Cash%20%28ENC%29 |
ethereum — etherty_token | Etherty Token (ETY) is a smart contract running on Ethereum. The mint function has an integer overflow that allows minted tokens to be arbitrarily retrieved by the contract owner. | CVE-2018-13128 | https://github.com/dwfault/AirTokens/tree/master/ETY |
ethereum — etktokens | The mintToken function of a smart contract implementation for etktokens (ETK), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | CVE-2018-13160 | https://github.com/BlockChainsSecurity/EtherTokens/tree/master/etktokens |
ethereum — extreme_coin_token | The sell function of a smart contract implementation for Extreme Coin (XT) (Contract Name: ExtremeToken), an Ethereum token, has an integer overflow in which “amount * sellPrice” can be zero, consequently reducing a seller’s assets. | CVE-2018-13221 | https://github.com/BlockChainsSecurity/EtherTokens/tree/master/ExtremeToken |
ethereum — fibtoken | The mintToken function of a smart contract implementation for FIBToken (FIB), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | CVE-2018-13074 | https://github.com/VenusADLab/EtherTokens/blob/master/FIBToken/FIBToken.md |
ethereum — freecoin_token | The mintToken function of a smart contract implementation for FreeCoin (FREE), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | CVE-2018-13085 | https://github.com/VenusADLab/EtherTokens/blob/master/FreeCoin/FreeCoin.md |
ethereum — futures_pease_token | The mintToken function of a smart contract implementation for Futures Pease (FP), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | CVE-2018-13088 | https://github.com/VenusADLab/EtherTokens/blob/master/TokenERC20/TokenERC20.md |
ethereum — gemchain_token | The mintToken function of a smart contract implementation for GEMCHAIN (GEM), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | CVE-2018-13155 | https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md |
ethereum — gmile_token | The sell function of a smart contract implementation for GMile, an Ethereum token, has an integer overflow in which “amount * sellPrice” can be zero, consequently reducing a seller’s assets. | CVE-2018-13214 | https://github.com/BlockChainsSecurity/EtherTokens/tree/master/GMile |
ethereum — go_ethereum | The GetBlockHeadersMsg handler in the LES protocol implementation in Go Ethereum (aka geth) before 1.8.11 may lead to an access violation because of an integer signedness error for the array index, which allows attackers to launch a Denial of Service attack by sending a packet with a -1 query.Skip value. The vulnerable remote node would be crashed by such an attack immediately, aka the EPoD (Ethereum Packet of Death) issue. | CVE-2018-12018 | https://github.com/ethereum/go-ethereum/releases/tag/v1.8.11 |
ethereum — good_time_coin_token | The mintToken function of a smart contract implementation for Good Time Coin (GTY), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | CVE-2018-13084 | https://github.com/VenusADLab/EtherTokens/blob/master/GoodTimeCoin/GoodTimeCoin.md |
ethereum — goodto_token | The mintToken function of a smart contract implementation for GoodTo (GTO), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | CVE-2018-13079 | https://github.com/VenusADLab/EtherTokens/blob/master/GoodTo/GoodTo.md |
ethereum — goutex_token | The mintToken function of a smart contract implementation for Goutex (GTX), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | CVE-2018-13080 | https://github.com/VenusADLab/EtherTokens/blob/master/Goutex/Goutex.md |
ethereum — greenmed_token | The sell function of a smart contract implementation for GreenMed (GRMD), an Ethereum token, has an integer overflow in which “amount * sellPrice” can be zero, consequently reducing a seller’s assets. | CVE-2018-13216 | https://github.com/BlockChainsSecurity/EtherTokens/tree/master/GreenMed |
ethereum — growchain_token | The _sell function of a smart contract implementation for GROWCHAIN (GROW), an Ethereum token, has an integer overflow. | CVE-2018-13325 | https://github.com/safecomet/EtherTokens/blob/master/GROWCHAIN%20%28GROW%29/GROWCHAIN%20%28GROW%29.md |
ethereum — gsi_token | The sell function of a smart contract implementation for GSI, an Ethereum token, has an integer overflow in which “amount * sellPrice” can be zero, consequently reducing a seller’s assets. | CVE-2018-13233 | https://github.com/BlockChainsSecurity/EtherTokens/tree/master/GSI |
ethereum — gvtoken_genesis_vision | GVToken Genesis Vision (GVT) is a smart contract running on Ethereum. The mint function has an integer overflow that allows minted tokens to be arbitrarily retrieved by the contract owner. | CVE-2018-11335 | https://github.com/dwfault/AirTokens/tree/master/GVT |
ethereum — gzs_token | The mintToken function of a smart contract implementation for GZS Token (GZS), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | CVE-2018-13081 | https://github.com/VenusADLab/EtherTokens/blob/master/GZSToken/GZSToken.md |
ethereum — hentaisolo_token | The mintToken function of a smart contract implementation for hentaisolo (HAO), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | CVE-2018-13193 | https://github.com/BlockChainsSecurity/EtherTokens/tree/master/hentaisolo |
ethereum — iadowr_coin_token | The mintToken function of a smart contract implementation for IADOWR Coin (IAD), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | CVE-2018-13086 | https://github.com/VenusADLab/EtherTokens/blob/master/IADOWR/IADOWR.md |
ethereum — ico_dollar_token | The sell function of a smart contract implementation for ICO Dollar (ICOD), an Ethereum token, has an integer overflow in which “amount * sellPrice” can be zero, consequently reducing a seller’s assets. | CVE-2018-13218 | https://github.com/BlockChainsSecurity/EtherTokens/tree/master/ICODollar |
ethereum — imm_coin_token | The mintToken function of a smart contract implementation for IMM Coin (IMC), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | CVE-2018-13180 | https://github.com/BlockChainsSecurity/EtherTokens/tree/master/IMMCoin |
ethereum — javaswaptest_token | The mintToken function of a smart contract implementation for JavaSwapTest (JST), an Ethereum token, has an integer overflow. | CVE-2018-13145 | https://github.com/safecomet/EtherTokens/blob/master/JavaSwapTest%20%28JST%29/JavaSwapTest%20%28JST%29.md |
ethereum — jitech_token | The mintToken function of a smart contract implementation for Jitech (JTH), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | CVE-2018-13078 | https://github.com/VenusADLab/EtherTokens/blob/master/Jitech/Jitech.md |
ethereum — jobscoin_token | The mintToken function of a smart contract implementation for Jobscoin (JOB), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | CVE-2018-13192 | https://github.com/BlockChainsSecurity/EtherTokens/tree/master/Jobscoin |
ethereum — justdcoin_token | The mintToken function of a smart contract implementation for JustDCoin (JustD), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | CVE-2018-13165 | https://github.com/BlockChainsSecurity/EtherTokens/tree/master/DCoin |
ethereum — jwc_token | The mintToken function of a smart contract implementation for JWC, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | CVE-2018-13183 | https://github.com/BlockChainsSecurity/EtherTokens/tree/master/JWCToken |
ethereum — ladatoken_token | The mintToken function of a smart contract implementation for LadaToken (LDT), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | CVE-2018-13171 | https://github.com/BlockChainsSecurity/EtherTokens/tree/master/LadaToken |
ethereum — lef_token | The mintToken, buy, and sell functions of a smart contract implementation for LEF, an Ethereum token, have an integer overflow. | CVE-2018-13146 | https://github.com/safecomet/EtherTokens/blob/master/LEF%20%28LEF%29/LEF%20%28LEF%29.md |
ethereum — link_platform_token | The mint function of a smart contract implementation for Link Platform (LNK), an Ethereum ERC20 token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | CVE-2018-13041 | https://github.com/dwfault/AirTokens/blob/master/Link_Platform__LNK_/mint%20integer%20overflow.md |
ethereum — loncoin_token | The mintToken function of a smart contract implementation for loncoin (LON), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | CVE-2018-13182 | https://github.com/BlockChainsSecurity/EtherTokens/tree/master/loncoin |
ethereum — mavcash_token | The sell function of a smart contract implementation for MAVCash, an Ethereum token, has an integer overflow in which “amount * sellPrice” can be zero, consequently reducing a seller’s assets. | CVE-2018-13220 | https://github.com/BlockChainsSecurity/EtherTokens/tree/master/MAVCash |
ethereum — miningrigrentals_token | The mintToken function of a smart contract implementation for MiningRigRentals Token (MRR), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | CVE-2018-13177 | https://github.com/BlockChainsSecurity/EtherTokens/tree/master/MiningRigRentalsToken |
ethereum — mmtcoin_token | The mintToken function of a smart contract implementation for MMTCoin (MMT), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | CVE-2018-13186 | https://github.com/BlockChainsSecurity/EtherTokens/tree/master/MMTCoinToken |
ethereum — modi_token | The mintToken function of a smart contract implementation for MODI Token (MODI), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | CVE-2018-13082 | https://github.com/VenusADLab/EtherTokens/blob/master/ModiTokenERC20/ModiTokenERC20.md |
ethereum — moneychainnet_token | The sell function of a smart contract implementation for MoneyChainNet (MCN), an Ethereum token, has an integer overflow in which “amount * sellPrice” can be zero, consequently reducing a seller’s assets. | CVE-2018-13227 | https://github.com/BlockChainsSecurity/EtherTokens/tree/master/MoneyChainNetToken |
ethereum — moneytree_token | The sell function of a smart contract implementation for MoneyTree (TREE), an Ethereum token, has an integer overflow in which “amount * sellPrice” can be zero, consequently reducing a seller’s assets. | CVE-2018-13208 | https://github.com/BlockChainsSecurity/EtherTokens/tree/master/MoneyTreeToken |
ethereum — moxyonepresale | MoxyOnePresale is a smart contract running on Ethereum. The mint function has an integer overflow that allows minted tokens to be arbitrarily retrieved by the contract owner. | CVE-2018-13126 | https://github.com/dwfault/AirTokens/tree/master/MoxyOnePresale |
ethereum — multigames_token | The mintToken function of a smart contract implementation for MultiGames (MLT), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | CVE-2018-13161 | https://github.com/BlockChainsSecurity/EtherTokens/tree/master/MultiGamesToken |
ethereum — mybo_token | The sell function of a smart contract implementation for MyBO, an Ethereum token, has an integer overflow in which “amount * sellPrice” can be zero, consequently reducing a seller’s assets. | CVE-2018-13202 | https://github.com/BlockChainsSecurity/EtherTokens/tree/master/MyBoToken |
ethereum — mybo_token | The mintToken function of a smart contract implementation for MyBO, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | CVE-2018-13188 | https://github.com/BlockChainsSecurity/EtherTokens/tree/master/MyBoToken |
ethereum — mytoken | The sell function of a smart contract implementation for MyToken, an Ethereum token, has an integer overflow in which “amount * sellPrice” can be zero, consequently reducing a seller’s assets. | CVE-2018-13211 | https://github.com/BlockChainsSecurity/EtherTokens/tree/master/MyToken |
ethereum — myylc_token | The sell function of a smart contract implementation for MyYLC, an Ethereum token, has an integer overflow in which “amount * sellPrice” can be zero, consequently reducing a seller’s assets. | CVE-2018-13225 | https://github.com/BlockChainsSecurity/EtherTokens/tree/master/MyYLCToken |
ethereum — nectar_token | The sell function of a smart contract implementation for Nectar (NCTR), an Ethereum token, has an integer overflow in which “amount * sellPrice” can be zero, consequently reducing a seller’s assets. | CVE-2018-13209 | https://github.com/BlockChainsSecurity/EtherTokens/tree/master/NectarCoin |
ethereum — objecttoken_token | The sell function of a smart contract implementation for ObjectToken (OBJ), an Ethereum token, has an integer overflow in which “amount * sellPrice” can be zero, consequently reducing a seller’s assets. | CVE-2018-13222 | https://github.com/BlockChainsSecurity/EtherTokens/tree/master/ObjectToken |
ethereum — ohni_2_token | The sell function of a smart contract implementation for ohni_2 (OHNI), an Ethereum token, has an integer overflow in which “amount * sellPrice” can be zero, consequently reducing a seller’s assets. | CVE-2018-13205 | https://github.com/BlockChainsSecurity/EtherTokens/tree/master/Ohni |
ethereum — pandora_token | The transfer and transferFrom functions of a smart contract implementation for Pandora (PDX), an Ethereum token, have an integer overflow. | CVE-2018-13144 | https://github.com/safecomet/EtherTokens/blob/master/Pandora%20%28PDX%29/Pandora%20%28PDX%29.md |
ethereum — pfgc_token | The transfer, transferFrom, and mint functions of a smart contract implementation for PFGc, an Ethereum token, have an integer overflow. | CVE-2018-13328 | https://github.com/safecomet/EtherTokens/blob/master/PFGc%20%28PFGc%29/PFGc%20%28PFGc%29.md |
ethereum — plaza_token | The mintToken function of a smart contract implementation for Plaza Token (PLAZA), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | CVE-2018-13083 | https://github.com/VenusADLab/EtherTokens/blob/master/PlazaToken/PlazaToken.md |
ethereum — porncoin_token | The sell function of a smart contract implementation for PornCoin (PRNC), an Ethereum token, has an integer overflow in which “amount * sellPrice” can be zero, consequently reducing a seller’s assets. | CVE-2018-13207 | https://github.com/BlockChainsSecurity/EtherTokens/tree/master/PornCoin |
ethereum — providence_crypto_casino_token | The sell function of a smart contract implementation for Providence Crypto Casino (PVE) (Contract Name: ProvidenceCasinoToken), an Ethereum token, has an integer overflow in which “amount * sellPrice” can be zero, consequently reducing a seller’s assets. | CVE-2018-13210 | https://github.com/BlockChainsSecurity/EtherTokens/tree/master/ProvidenceCasinoToken |
ethereum — providencecasino_token | The sell function of a smart contract implementation for ProvidenceCasino (PVE), an Ethereum token, has an integer overflow in which “amount * sellPrice” can be zero, consequently reducing a seller’s assets. | CVE-2018-13206 | https://github.com/BlockChainsSecurity/EtherTokens/tree/master/PVE |
ethereum — r_time_token | The sell function of a smart contract implementation for R Time Token v3 (RS) (Contract Name: RTokenMain), an Ethereum token, has an integer overflow in which “amount * sellPrice” can be zero, consequently reducing a seller’s assets. | CVE-2018-13223 | https://github.com/BlockChainsSecurity/EtherTokens/tree/master/RTokenMain |
ethereum — reimburse_token | The mintToken function of a smart contract implementation for Reimburse Token (REIM), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | CVE-2018-13092 | https://github.com/VenusADLab/EtherTokens/blob/master/ReimburseToken/ReimburseToken.md |
ethereum — ribtidecoin_token | The sell function of a smart contract implementation for RiptideCoin (RIPT), an Ethereum token, has an integer overflow in which “amount * sellPrice” can be zero, consequently reducing a seller’s assets. | CVE-2018-13229 | https://github.com/BlockChainsSecurity/EtherTokens/tree/master/RiptideCoin |
ethereum — sample_token | The sell function of a smart contract implementation for Sample Token (STK) (Contract Name: cashBackMintable), an Ethereum token, has an integer overflow in which “amount * sellPrice” can be zero, consequently reducing a seller’s assets. | CVE-2018-13215 | https://github.com/BlockChainsSecurity/EtherTokens/tree/master/cashBackMintable |
ethereum — snoqualmie_coin_token | The mintToken function of a smart contract implementation for Snoqualmie Coin (SNOW), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | CVE-2018-13170 | https://github.com/BlockChainsSecurity/EtherTokens/tree/master/SnoqualmieCoin |
ethereum — sp8de_presale_token | SP8DE PreSale Token (DSPX) is a smart contract running on Ethereum. The mint function has an integer overflow that allows minted tokens to be arbitrarily retrieved by the contract owner. | CVE-2018-13127 | https://github.com/dwfault/AirTokens/tree/master/DSPX |
ethereum — sp8de_token | SP8DE Token (SPX) is a smart contract running on Ethereum. The mint function has an integer overflow that allows minted tokens to be arbitrarily retrieved by the contract owner. | CVE-2018-13129 | https://github.com/dwfault/AirTokens/blob/master/SPXToken/mint%20interger%20overflow.md |
ethereum — spadeico | Spadeico is a smart contract running on Ethereum. The mint function has an integer overflow that allows minted tokens to be arbitrarily retrieved by the contract owner. | CVE-2018-13132 | https://github.com/dwfault/AirTokens/tree/master/SpadeICO |
ethereum — spadepresale | SpadePreSale is a smart contract running on Ethereum. The mint function has an integer overflow that allows minted tokens to be arbitrarily retrieved by the contract owner. | CVE-2018-13131 | https://github.com/dwfault/AirTokens/tree/master/SpadePreSale |
ethereum — stex_exchange_ico_token | The sell function of a smart contract implementation for STeX Exchange ICO (STE), an Ethereum token, has an integer overflow in which “amount * sellPrice” can be zero, consequently reducing a seller’s assets. | CVE-2018-13198 | https://github.com/BlockChainsSecurity/EtherTokens/tree/master/STE |
ethereum — sumocoin_token | The mintToken function of a smart contract implementation for sumocoin (SUMO), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | CVE-2018-13091 | https://github.com/VenusADLab/EtherTokens/blob/master/sumocoin/sumocoin.md |
ethereum — super_carbon_coin_token | The mintToken function of a smart contract implementation for Super Carbon Coin (SCC), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | CVE-2018-13191 | https://github.com/BlockChainsSecurity/EtherTokens/tree/master/SuperCarbonCoinToken |
ethereum — swaptoken_token | The sellBuyerTokens function of a smart contract implementation for SwapToken, an Ethereum token, has an integer overflow in which “amount * sellPrice” can be zero, consequently reducing a seller’s assets. | CVE-2018-13203 | https://github.com/BlockChainsSecurity/EtherTokens/tree/master/SwapToken |
ethereum — t-swap-token | The sell function of a smart contract implementation for T-Swap-Token (T-S-T), an Ethereum token, has an integer overflow in which “amount * sellPrice” can be zero, consequently reducing a seller’s assets. | CVE-2018-13196 | https://github.com/BlockChainsSecurity/EtherTokens/tree/master/TSwap |
ethereum — titok-ticket_token | The sell function of a smart contract implementation for TiTok – Ticket Token (Contract Name: MyAdvancedToken7), an Ethereum token, has an integer overflow in which “amount * sellPrice” can be zero, consequently reducing a seller’s assets. | CVE-2018-13201 | https://github.com/BlockChainsSecurity/EtherTokens/tree/master/MyAdvancedToken7 |
ethereum — tongtong_coin_token | The mintToken function of a smart contract implementation for TongTong Coin (TTCoin), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | CVE-2018-13194 | https://github.com/BlockChainsSecurity/EtherTokens/tree/master/TTCoin |
ethereum — travelcoin_token | The sell function of a smart contract implementation for TravelCoin (TRV), an Ethereum token, has an integer overflow in which “amount * sellPrice” can be zero, consequently reducing a seller’s assets. | CVE-2018-13213 | https://github.com/BlockChainsSecurity/EtherTokens/tree/master/TravelCoinToken |
ethereum — travelzedi_token | The mintToken function of a smart contract implementation for TravelZedi Token (ZEDI), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | CVE-2018-13184 | https://github.com/BlockChainsSecurity/EtherTokens/tree/master/TravelZediToken |
ethereum — troo_token | The mintToken function of a smart contract implementation for Troo, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | CVE-2018-13181 | https://github.com/BlockChainsSecurity/EtherTokens/tree/master/Troo |
ethereum — trust_zen_token | The mintToken function of a smart contract implementation for Trust Zen Token (ZEN), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | CVE-2018-13176 | https://github.com/BlockChainsSecurity/EtherTokens/tree/master/TrustZen |
ethereum — universal_coin_token | The mintToken function of a smart contract implementation for Universal Coin (UCOIN), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | CVE-2018-13089 | https://github.com/VenusADLab/EtherTokens/blob/master/UCoinToken/UCoinToken.md |
ethereum — unolabo_token | The mint function of a smart contract implementation for Unolabo (UNLB), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | CVE-2018-13189 | https://github.com/BlockChainsSecurity/EtherTokens/tree/master/UNLB |
ethereum — virtual_energy_units_token | The sell function of a smart contract implementation for Virtual Energy Units (VEU) (Contract Name: VEU_TokenERC20), an Ethereum token, has an integer overflow in which “amount * sellPrice” can be zero, consequently reducing a seller’s assets. | CVE-2018-13224 | https://github.com/BlockChainsSecurity/EtherTokens/tree/master/TokenERC20 |
ethereum — welfare_token_fund_token | The sell function of a smart contract implementation for Welfare Token Fund (WTF), an Ethereum token, has an integer overflow in which “amount * sellPrice” can be zero, consequently reducing a seller’s assets. | CVE-2018-13197 | https://github.com/BlockChainsSecurity/EtherTokens/tree/master/WelfareTokenFund |
ethereum — yitongcoin_token | The mintToken function of a smart contract implementation for YiTongCoin (YTC), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | CVE-2018-13090 | https://github.com/VenusADLab/EtherTokens/blob/master/YiTongCoin/YiTongCoin.md |
ethereum — ylctoken | The sell function of a smart contract implementation for YLCToken, an Ethereum token, has an integer overflow in which “amount * sellPrice” can be zero, consequently reducing a seller’s assets. | CVE-2018-13226 | https://github.com/BlockChainsSecurity/EtherTokens/tree/master/YLCToken |
ethereum — yourcoin_token | The sell function of a smart contract implementation for YourCoin (ICO) (Contract Name: ETH033), an Ethereum token, has an integer overflow in which “amount * sellPrice” can be zero, consequently reducing a seller’s assets. | CVE-2018-13219 | https://github.com/BlockChainsSecurity/EtherTokens/tree/master/ETH033 |
ethereum — yu_gi_oh_token | The mintToken function of a smart contract implementation for Yu Gi Oh (YGO) (Contract Name: NetkillerBatchToken), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | CVE-2018-13168 | https://github.com/BlockChainsSecurity/EtherTokens/tree/master/NetkillerBatchToken |
ethereum — yu_gi_oh_token | The mintToken function of a smart contract implementation for Yu Gi Oh (YGO), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | CVE-2018-13167 | https://github.com/BlockChainsSecurity/EtherTokens/tree/master/ygo |