Jul 2018 – Integer overflow may killed Ethereum!

 

Quote:
Attacker passes int greater than max (positive)
–> value wraps around to the min (negative!)

Can cause unexpected program behavior, possible buffer overflow exploits

The existing market cap of Ether (ETH) is more than Ripple and Litecoin, although it’s far behind Bitcoin (BTC). Ethereum contains potential market power. But integer overflow is the enemy of Ethereum. It is possible to scare the investor when related incident occurs.

What is the modulus in math?
Notice that the numbers on the clock go up to twelve, and then they start over.
In mathematics, this circular counting is called modular arithmetic, and the number 12 in this example is called a modulus.

Above theory bring  an idea that when modulus reach limit then it will reset to zero.

For instance, the owner of the smartcontract could set sellPrice and buyPrice using setPrices() function. For example, after some transactions, the owner could set sellPrice to 0x8000000000000000000000000000000000000000000000000000000000000000 (modulus). When some user wanted to sell 2 ETCBKs for ETHs back,amount * sellPrice equals 0. Thus the seller gave out 2 ETCBKs but none ETHs was retrieved. The contract still kept it, which makes this token unsafe. An overflow condition gives incorrect results and, particularly if the possibility has not been anticipated, can compromise a program’s reliability and security.

Theoretically, the programming language contain “Safe Math” can protect integer overflow/underflow won’t happen.

Below table of contents displayed the Integer overflow handling status in various programming languages.

 

Integer overflow handling in various programming languages
Language
Unsigned integer Signed integer
Ada modulo the type’s modulus raise Constraint_Error
C/C++ modulo power of two undefined behavior
C# modulo power of 2 in unchecked context; System.OverflowException is raised in checked cont
Java N/A modulo power of two
JavaScript all numbers are double-precision floating-point
MATLAB Builtin integers saturate. Fixed-point integers configurable to wrap or saturate
Python 2 N/A convert to long type (bigint)
Seed7 N/A raise OVERFLOW_ERROR
Scheme N/A convert to bigNum
Simulink configurable to wrap or saturate
Smalltalk N/A convert to LargeInteger
Swift Causes error unless using special overflow operato

This could happen whenever you are doing arithmetic operations such as + , – , * . When using the SafeMath library, the results of this operations will be checked and an error will be thrown stopping the execution of your smart contract.

Solidity can doing the magic

With Solidity feature, you can call the public functions defined by your library.  The SafeMath library to protect from inputs that could make your contract do unexpected things after overflow or underflow leading arithmetic operations.

Perhaps former cryptocurrency not used Solidity library and there it is possible let attacker conduct the integer overflow attacks. Below is the most update CVE status on Jul 2018.

 

ethereum — aichain_token The mintToken function of a smart contract implementation for AIChain, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13175 https://github.com/BlockChainsSecurity/EtherTokens/tree/master/AIChain
ethereum — air-contact_token The mintToken function of a smart contract implementation for Air-Contact Token (AIR), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13179 https://github.com/BlockChainsSecurity/EtherTokens/tree/master/AirContactToken
ethereum — alex_token The mintToken function of a smart contract implementation for ALEX, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13162 https://github.com/BlockChainsSecurity/EtherTokens/tree/master/ALEX%20%28ALEX%29
ethereum — appcoins_token The mintToken function of a smart contract implementation for appcoins (APPC), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13185 https://github.com/BlockChainsSecurity/EtherTokens/tree/master/appcoins
ethereum — assettoken The mintToken function of a smart contract implementation for AssetToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13158 https://github.com/BlockChainsSecurity/EtherTokens/tree/master/AssetToken
ethereum — athleticoin_token The mintToken function of a smart contract implementation for AthletiCoin (ATHA), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13166 https://github.com/BlockChainsSecurity/EtherTokens/tree/master/AthletiCoin
ethereum — atlant_token ATLANT (ATL) is a smart contract running on Ethereum. The mint function has an integer overflow that allows minted tokens to be arbitrarily retrieved by the contract owner. CVE-2018-11429 https://github.com/dwfault/AirTokens/tree/master/ATLANT
ethereum — azuriontoken The mintToken function of a smart contract implementation for AzurionToken (AZU), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13068 https://github.com/VenusADLab/EtherTokens/blob/master/AzurionToken/AzurionToken.md
ethereum — bankcoin_token The mintToken function of a smart contract implementation for bankcoin (BNK), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13159 https://github.com/BlockChainsSecurity/EtherTokens/tree/master/bankcoin
ethereum — betcash_token The mintToken function of a smart contract implementation for Betcash (BC), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13076 https://github.com/VenusADLab/EtherTokens/blob/master/Betcash/Betcash.md
ethereum — bitotal_token Bitotal (TFUND) is a smart contract running on Ethereum. The mintTokens function has an integer overflow that allows minted tokens to be arbitrarily retrieved by the contract owner. CVE-2018-13130 https://github.com/dwfault/AirTokens/tree/master/Bitotal
ethereum — bittelux_token The transfer and transferFrom functions of a smart contract implementation for Bittelux (BTX), an Ethereum token, have an integer overflow. CVE-2018-13326 https://github.com/safecomet/EtherTokens/blob/master/Bittelux%20%28BTX%29/Bittelux%20%28BTX%29.md
ethereum — bonustoken The mintToken function of a smart contract implementation for bonusToken (BNS), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13156 https://github.com/BlockChainsSecurity/EtherTokens/tree/master/bonusToken
ethereum — bzxcoin_token The mintToken function of a smart contract implementation for bzxcoin (BZX), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13172 https://github.com/BlockChainsSecurity/EtherTokens/tree/master/bzxcoin
ethereum — carbon_exchange_coin_token The mintToken function of a smart contract implementation for Carbon Exchange Coin Token (CEC), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13075 https://github.com/VenusADLab/EtherTokens/blob/master/CarbonExchangeCoinToken/CarbonExchangeCoinToken.md
ethereum — ccindex10_token The mintToken function of a smart contract implementation for CCindex10 (T10), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13071 https://github.com/VenusADLab/EtherTokens/blob/master/CCindexToken/CCindexToken.md
ethereum — chuchulingaigo_token The transfer and transferFrom functions of a smart contract implementation for ChuCunLingAIGO (CCLAG), an Ethereum token, have an integer overflow. CVE-2018-13327 https://github.com/safecomet/EtherTokens/blob/master/ChuCunLingAIGO%20%28CCLAG%29/ChuCunLingAIGO%20%28CCLAG%29.md
ethereum — cibn_live_token The mintToken function of a smart contract implementation for CIBN Live Token (CIBN LIVE), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13187 https://github.com/BlockChainsSecurity/EtherTokens/tree/master/CIBNLiveInteractiveToken
ethereum — coffeecoin_token The mintToken function of a smart contract implementation for Coffeecoin (COFFEE), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13072 https://github.com/VenusADLab/EtherTokens/blob/master/Coffeecoin/Coffeecoin.md
ethereum — coinstar_token The mintToken function of a smart contract implementation for Coinstar (CSTR), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13087 https://github.com/VenusADLab/EtherTokens/blob/master/MyAdvancedToken/MyAdvancedToken.md
ethereum — cointoken The sell function of a smart contract implementation for CoinToken, an Ethereum token, has an integer overflow in which “amount * sellPrice” can be zero, consequently reducing a seller’s assets. CVE-2018-13217 https://github.com/BlockChainsSecurity/EtherTokens/tree/master/CoinToken
ethereum — cranoo_token The mintToken function of a smart contract implementation for Cranoo (CRN), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13195 https://github.com/BlockChainsSecurity/EtherTokens/tree/master/CranooAdvanced
ethereum — crowdnext_token The sell function of a smart contract implementation for Crowdnext (CNX), an Ethereum token, has an integer overflow in which “amount * sellPrice” can be zero, consequently reducing a seller’s assets. CVE-2018-13228 https://github.com/BlockChainsSecurity/EtherTokens/tree/master/Crowdnext
ethereum — cryptoabs_token The mintToken function of a smart contract implementation for CryptoABS (ABS), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13174 https://github.com/BlockChainsSecurity/EtherTokens/tree/master/CryptoABS
ethereum — cryptonitexcoin_token The mintToken function of a smart contract implementation for CryptonitexCoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13157 https://github.com/BlockChainsSecurity/EtherTokens/tree/master/CryptonitexCoin
ethereum — ctb_token The mintToken function of a smart contract implementation for CTB, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13077 https://github.com/VenusADLab/EtherTokens/blob/master/CTB/CTB.md
ethereum — dateme_token The sell function of a smart contract implementation for DateMe (DMX) (Contract Name: ProgressiveToken), an Ethereum token, has an integer overflow in which “amount * sellPrice” can be zero, consequently reducing a seller’s assets. CVE-2018-13200 https://github.com/BlockChainsSecurity/EtherTokens/tree/master/ProgressiveToken
ethereum — destineed_token The sell function of a smart contract implementation for DestiNeed (DSN), an Ethereum token, has an integer overflow in which “amount * sellPrice” can be zero, consequently reducing a seller’s assets. CVE-2018-13230 https://github.com/BlockChainsSecurity/EtherTokens/tree/master/DestiNeedToken
ethereum — dvchain_token The mintToken function of a smart contract implementation for DVChain, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13190 https://github.com/BlockChainsSecurity/EtherTokens/tree/master/DVChain
ethereum — dychain_token The mintToken function of a smart contract implementation for DYchain (DYC), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13069 https://github.com/VenusADLab/EtherTokens/blob/master/DYC/DYC.md
ethereum — easy_trading_token The transfer and transferFrom functions of a smart contract implementation for Easy Trading Token (ETT), an Ethereum token, have an integer overflow. CVE-2018-13113 https://github.com/safecomet/EtherTokens/tree/master/Easy%20Trading%20Token%20%28ETT%29
ethereum — ectoints_token The mintToken function of a smart contract implementation for ECToints (ECT) (Contract Name: ECPoints), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13178 https://github.com/BlockChainsSecurity/EtherTokens/tree/master/ECPoints
ethereum — eliteshippertoken The mintToken function of a smart contract implementation for EliteShipperToken (ESHIP), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13173 https://github.com/BlockChainsSecurity/EtherTokens/tree/master/EliteShipperToken
ethereum — encryptedtoken The mintToken function of a smart contract implementation for EncryptedToken (ECC), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13070 https://github.com/VenusADLab/EtherTokens/blob/master/EncryptedToken/EncryptedToken.md
ethereum — enter_token The sell function of a smart contract implementation for ENTER (ENTR) (Contract Name: EnterToken), an Ethereum token, has an integer overflow in which “amount * sellPrice” can be zero, consequently reducing a seller’s assets. CVE-2018-13231 https://github.com/BlockChainsSecurity/EtherTokens/tree/master/EnterToken
ethereum — enter_token The sell function of a smart contract implementation for ENTER (ENTR) (Contract Name: EnterCoin), an Ethereum token, has an integer overflow in which “amount * sellPrice” can be zero, consequently reducing a seller’s assets. CVE-2018-13232 https://github.com/BlockChainsSecurity/EtherTokens/tree/master/EnterCoin
ethereum — eppcoin_token The mintToken function of a smart contract implementation for EPPCOIN (EPP), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13164 https://github.com/BlockChainsSecurity/EtherTokens/tree/master/MyEPPToken
ethereum — ethercash_token The sell function of a smart contract implementation for ETHERCASH (ETC), an Ethereum token, has an integer overflow in which “amount * sellPrice” can be zero, consequently reducing a seller’s assets. CVE-2018-13204 https://github.com/BlockChainsSecurity/EtherTokens/tree/master/ETHERCASH
ethereum — ethereum_cash_pro_token The mintToken function of a smart contract implementation for Ethereum Cash Pro (ECP), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13169 https://github.com/BlockChainsSecurity/EtherTokens/tree/master/Ethereum_Cash_Pro_Coin
ethereum — ethereumblack_token The mintToken function of a smart contract implementation for ETHEREUMBLACK (ETCBK), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13073 https://github.com/VenusADLab/EtherTokens/blob/master/ETHEREUMBLACK/ETHEREUMBLACK.md
ethereum — ethereumblack_token The sell function of a smart contract implementation for ETHEREUMBLACK (ETCBK), an Ethereum token, has an integer overflow in which “amount * sellPrice” can be zero, consequently reducing a seller’s assets. CVE-2018-13199 https://github.com/BlockChainsSecurity/EtherTokens/blob/master/ETHEREUMBLACK/sell%20integer%20overflow.md
ethereum — ethereumlegit_token The sell function of a smart contract implementation for EthereumLegit, an Ethereum token, has an integer overflow in which “amount * sellPrice” can be zero, consequently reducing a seller’s assets. CVE-2018-13212 https://github.com/BlockChainsSecurity/EtherTokens/tree/master/EthereumLegit
ethereum — ethernet_cash_token The mintToken function of a smart contract implementation for Ethernet Cash (ENC), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13163 https://github.com/BlockChainsSecurity/EtherTokens/tree/master/Ethernet%20Cash%20%28ENC%29
ethereum — etherty_token Etherty Token (ETY) is a smart contract running on Ethereum. The mint function has an integer overflow that allows minted tokens to be arbitrarily retrieved by the contract owner. CVE-2018-13128 https://github.com/dwfault/AirTokens/tree/master/ETY
ethereum — etktokens The mintToken function of a smart contract implementation for etktokens (ETK), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13160 https://github.com/BlockChainsSecurity/EtherTokens/tree/master/etktokens
ethereum — extreme_coin_token The sell function of a smart contract implementation for Extreme Coin (XT) (Contract Name: ExtremeToken), an Ethereum token, has an integer overflow in which “amount * sellPrice” can be zero, consequently reducing a seller’s assets. CVE-2018-13221 https://github.com/BlockChainsSecurity/EtherTokens/tree/master/ExtremeToken
ethereum — fibtoken The mintToken function of a smart contract implementation for FIBToken (FIB), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13074 https://github.com/VenusADLab/EtherTokens/blob/master/FIBToken/FIBToken.md
ethereum — freecoin_token The mintToken function of a smart contract implementation for FreeCoin (FREE), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13085 https://github.com/VenusADLab/EtherTokens/blob/master/FreeCoin/FreeCoin.md
ethereum — futures_pease_token The mintToken function of a smart contract implementation for Futures Pease (FP), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13088 https://github.com/VenusADLab/EtherTokens/blob/master/TokenERC20/TokenERC20.md
ethereum — gemchain_token The mintToken function of a smart contract implementation for GEMCHAIN (GEM), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13155 https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md
ethereum — gmile_token The sell function of a smart contract implementation for GMile, an Ethereum token, has an integer overflow in which “amount * sellPrice” can be zero, consequently reducing a seller’s assets. CVE-2018-13214 https://github.com/BlockChainsSecurity/EtherTokens/tree/master/GMile
ethereum — go_ethereum The GetBlockHeadersMsg handler in the LES protocol implementation in Go Ethereum (aka geth) before 1.8.11 may lead to an access violation because of an integer signedness error for the array index, which allows attackers to launch a Denial of Service attack by sending a packet with a -1 query.Skip value. The vulnerable remote node would be crashed by such an attack immediately, aka the EPoD (Ethereum Packet of Death) issue. CVE-2018-12018 https://github.com/ethereum/go-ethereum/releases/tag/v1.8.11
ethereum — good_time_coin_token The mintToken function of a smart contract implementation for Good Time Coin (GTY), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13084 https://github.com/VenusADLab/EtherTokens/blob/master/GoodTimeCoin/GoodTimeCoin.md
ethereum — goodto_token The mintToken function of a smart contract implementation for GoodTo (GTO), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13079 https://github.com/VenusADLab/EtherTokens/blob/master/GoodTo/GoodTo.md
ethereum — goutex_token The mintToken function of a smart contract implementation for Goutex (GTX), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13080 https://github.com/VenusADLab/EtherTokens/blob/master/Goutex/Goutex.md
ethereum — greenmed_token The sell function of a smart contract implementation for GreenMed (GRMD), an Ethereum token, has an integer overflow in which “amount * sellPrice” can be zero, consequently reducing a seller’s assets. CVE-2018-13216 https://github.com/BlockChainsSecurity/EtherTokens/tree/master/GreenMed
ethereum — growchain_token The _sell function of a smart contract implementation for GROWCHAIN (GROW), an Ethereum token, has an integer overflow. CVE-2018-13325 https://github.com/safecomet/EtherTokens/blob/master/GROWCHAIN%20%28GROW%29/GROWCHAIN%20%28GROW%29.md
ethereum — gsi_token The sell function of a smart contract implementation for GSI, an Ethereum token, has an integer overflow in which “amount * sellPrice” can be zero, consequently reducing a seller’s assets. CVE-2018-13233 https://github.com/BlockChainsSecurity/EtherTokens/tree/master/GSI
ethereum — gvtoken_genesis_vision GVToken Genesis Vision (GVT) is a smart contract running on Ethereum. The mint function has an integer overflow that allows minted tokens to be arbitrarily retrieved by the contract owner. CVE-2018-11335 https://github.com/dwfault/AirTokens/tree/master/GVT
ethereum — gzs_token The mintToken function of a smart contract implementation for GZS Token (GZS), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13081 https://github.com/VenusADLab/EtherTokens/blob/master/GZSToken/GZSToken.md
ethereum — hentaisolo_token The mintToken function of a smart contract implementation for hentaisolo (HAO), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13193 https://github.com/BlockChainsSecurity/EtherTokens/tree/master/hentaisolo
ethereum — iadowr_coin_token The mintToken function of a smart contract implementation for IADOWR Coin (IAD), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13086 https://github.com/VenusADLab/EtherTokens/blob/master/IADOWR/IADOWR.md
ethereum — ico_dollar_token The sell function of a smart contract implementation for ICO Dollar (ICOD), an Ethereum token, has an integer overflow in which “amount * sellPrice” can be zero, consequently reducing a seller’s assets. CVE-2018-13218 https://github.com/BlockChainsSecurity/EtherTokens/tree/master/ICODollar
ethereum — imm_coin_token The mintToken function of a smart contract implementation for IMM Coin (IMC), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13180 https://github.com/BlockChainsSecurity/EtherTokens/tree/master/IMMCoin
ethereum — javaswaptest_token The mintToken function of a smart contract implementation for JavaSwapTest (JST), an Ethereum token, has an integer overflow. CVE-2018-13145 https://github.com/safecomet/EtherTokens/blob/master/JavaSwapTest%20%28JST%29/JavaSwapTest%20%28JST%29.md
ethereum — jitech_token The mintToken function of a smart contract implementation for Jitech (JTH), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13078 https://github.com/VenusADLab/EtherTokens/blob/master/Jitech/Jitech.md
ethereum — jobscoin_token The mintToken function of a smart contract implementation for Jobscoin (JOB), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13192 https://github.com/BlockChainsSecurity/EtherTokens/tree/master/Jobscoin
ethereum — justdcoin_token The mintToken function of a smart contract implementation for JustDCoin (JustD), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13165 https://github.com/BlockChainsSecurity/EtherTokens/tree/master/DCoin
ethereum — jwc_token The mintToken function of a smart contract implementation for JWC, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13183 https://github.com/BlockChainsSecurity/EtherTokens/tree/master/JWCToken
ethereum — ladatoken_token The mintToken function of a smart contract implementation for LadaToken (LDT), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13171 https://github.com/BlockChainsSecurity/EtherTokens/tree/master/LadaToken
ethereum — lef_token The mintToken, buy, and sell functions of a smart contract implementation for LEF, an Ethereum token, have an integer overflow. CVE-2018-13146 https://github.com/safecomet/EtherTokens/blob/master/LEF%20%28LEF%29/LEF%20%28LEF%29.md
ethereum — link_platform_token The mint function of a smart contract implementation for Link Platform (LNK), an Ethereum ERC20 token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13041 https://github.com/dwfault/AirTokens/blob/master/Link_Platform__LNK_/mint%20integer%20overflow.md
ethereum — loncoin_token The mintToken function of a smart contract implementation for loncoin (LON), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13182 https://github.com/BlockChainsSecurity/EtherTokens/tree/master/loncoin
ethereum — mavcash_token The sell function of a smart contract implementation for MAVCash, an Ethereum token, has an integer overflow in which “amount * sellPrice” can be zero, consequently reducing a seller’s assets. CVE-2018-13220 https://github.com/BlockChainsSecurity/EtherTokens/tree/master/MAVCash
ethereum — miningrigrentals_token The mintToken function of a smart contract implementation for MiningRigRentals Token (MRR), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13177 https://github.com/BlockChainsSecurity/EtherTokens/tree/master/MiningRigRentalsToken
ethereum — mmtcoin_token The mintToken function of a smart contract implementation for MMTCoin (MMT), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13186 https://github.com/BlockChainsSecurity/EtherTokens/tree/master/MMTCoinToken
ethereum — modi_token The mintToken function of a smart contract implementation for MODI Token (MODI), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13082 https://github.com/VenusADLab/EtherTokens/blob/master/ModiTokenERC20/ModiTokenERC20.md
ethereum — moneychainnet_token The sell function of a smart contract implementation for MoneyChainNet (MCN), an Ethereum token, has an integer overflow in which “amount * sellPrice” can be zero, consequently reducing a seller’s assets. CVE-2018-13227 https://github.com/BlockChainsSecurity/EtherTokens/tree/master/MoneyChainNetToken
ethereum — moneytree_token The sell function of a smart contract implementation for MoneyTree (TREE), an Ethereum token, has an integer overflow in which “amount * sellPrice” can be zero, consequently reducing a seller’s assets. CVE-2018-13208 https://github.com/BlockChainsSecurity/EtherTokens/tree/master/MoneyTreeToken
ethereum — moxyonepresale MoxyOnePresale is a smart contract running on Ethereum. The mint function has an integer overflow that allows minted tokens to be arbitrarily retrieved by the contract owner. CVE-2018-13126 https://github.com/dwfault/AirTokens/tree/master/MoxyOnePresale
ethereum — multigames_token The mintToken function of a smart contract implementation for MultiGames (MLT), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13161 https://github.com/BlockChainsSecurity/EtherTokens/tree/master/MultiGamesToken
ethereum — mybo_token The sell function of a smart contract implementation for MyBO, an Ethereum token, has an integer overflow in which “amount * sellPrice” can be zero, consequently reducing a seller’s assets. CVE-2018-13202 https://github.com/BlockChainsSecurity/EtherTokens/tree/master/MyBoToken
ethereum — mybo_token The mintToken function of a smart contract implementation for MyBO, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13188 https://github.com/BlockChainsSecurity/EtherTokens/tree/master/MyBoToken
ethereum — mytoken The sell function of a smart contract implementation for MyToken, an Ethereum token, has an integer overflow in which “amount * sellPrice” can be zero, consequently reducing a seller’s assets. CVE-2018-13211 https://github.com/BlockChainsSecurity/EtherTokens/tree/master/MyToken
ethereum — myylc_token The sell function of a smart contract implementation for MyYLC, an Ethereum token, has an integer overflow in which “amount * sellPrice” can be zero, consequently reducing a seller’s assets. CVE-2018-13225 https://github.com/BlockChainsSecurity/EtherTokens/tree/master/MyYLCToken
ethereum — nectar_token The sell function of a smart contract implementation for Nectar (NCTR), an Ethereum token, has an integer overflow in which “amount * sellPrice” can be zero, consequently reducing a seller’s assets. CVE-2018-13209 https://github.com/BlockChainsSecurity/EtherTokens/tree/master/NectarCoin
ethereum — objecttoken_token The sell function of a smart contract implementation for ObjectToken (OBJ), an Ethereum token, has an integer overflow in which “amount * sellPrice” can be zero, consequently reducing a seller’s assets. CVE-2018-13222 https://github.com/BlockChainsSecurity/EtherTokens/tree/master/ObjectToken
ethereum — ohni_2_token The sell function of a smart contract implementation for ohni_2 (OHNI), an Ethereum token, has an integer overflow in which “amount * sellPrice” can be zero, consequently reducing a seller’s assets. CVE-2018-13205 https://github.com/BlockChainsSecurity/EtherTokens/tree/master/Ohni
ethereum — pandora_token The transfer and transferFrom functions of a smart contract implementation for Pandora (PDX), an Ethereum token, have an integer overflow. CVE-2018-13144 https://github.com/safecomet/EtherTokens/blob/master/Pandora%20%28PDX%29/Pandora%20%28PDX%29.md
ethereum — pfgc_token The transfer, transferFrom, and mint functions of a smart contract implementation for PFGc, an Ethereum token, have an integer overflow. CVE-2018-13328 https://github.com/safecomet/EtherTokens/blob/master/PFGc%20%28PFGc%29/PFGc%20%28PFGc%29.md
ethereum — plaza_token The mintToken function of a smart contract implementation for Plaza Token (PLAZA), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13083 https://github.com/VenusADLab/EtherTokens/blob/master/PlazaToken/PlazaToken.md
ethereum — porncoin_token The sell function of a smart contract implementation for PornCoin (PRNC), an Ethereum token, has an integer overflow in which “amount * sellPrice” can be zero, consequently reducing a seller’s assets. CVE-2018-13207 https://github.com/BlockChainsSecurity/EtherTokens/tree/master/PornCoin
ethereum — providence_crypto_casino_token The sell function of a smart contract implementation for Providence Crypto Casino (PVE) (Contract Name: ProvidenceCasinoToken), an Ethereum token, has an integer overflow in which “amount * sellPrice” can be zero, consequently reducing a seller’s assets. CVE-2018-13210 https://github.com/BlockChainsSecurity/EtherTokens/tree/master/ProvidenceCasinoToken
ethereum — providencecasino_token The sell function of a smart contract implementation for ProvidenceCasino (PVE), an Ethereum token, has an integer overflow in which “amount * sellPrice” can be zero, consequently reducing a seller’s assets. CVE-2018-13206 https://github.com/BlockChainsSecurity/EtherTokens/tree/master/PVE
ethereum — r_time_token The sell function of a smart contract implementation for R Time Token v3 (RS) (Contract Name: RTokenMain), an Ethereum token, has an integer overflow in which “amount * sellPrice” can be zero, consequently reducing a seller’s assets. CVE-2018-13223 https://github.com/BlockChainsSecurity/EtherTokens/tree/master/RTokenMain
ethereum — reimburse_token The mintToken function of a smart contract implementation for Reimburse Token (REIM), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13092 https://github.com/VenusADLab/EtherTokens/blob/master/ReimburseToken/ReimburseToken.md
ethereum — ribtidecoin_token The sell function of a smart contract implementation for RiptideCoin (RIPT), an Ethereum token, has an integer overflow in which “amount * sellPrice” can be zero, consequently reducing a seller’s assets. CVE-2018-13229 https://github.com/BlockChainsSecurity/EtherTokens/tree/master/RiptideCoin
ethereum — sample_token The sell function of a smart contract implementation for Sample Token (STK) (Contract Name: cashBackMintable), an Ethereum token, has an integer overflow in which “amount * sellPrice” can be zero, consequently reducing a seller’s assets. CVE-2018-13215 https://github.com/BlockChainsSecurity/EtherTokens/tree/master/cashBackMintable
ethereum — snoqualmie_coin_token The mintToken function of a smart contract implementation for Snoqualmie Coin (SNOW), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13170 https://github.com/BlockChainsSecurity/EtherTokens/tree/master/SnoqualmieCoin
ethereum — sp8de_presale_token SP8DE PreSale Token (DSPX) is a smart contract running on Ethereum. The mint function has an integer overflow that allows minted tokens to be arbitrarily retrieved by the contract owner. CVE-2018-13127 https://github.com/dwfault/AirTokens/tree/master/DSPX
ethereum — sp8de_token SP8DE Token (SPX) is a smart contract running on Ethereum. The mint function has an integer overflow that allows minted tokens to be arbitrarily retrieved by the contract owner. CVE-2018-13129 https://github.com/dwfault/AirTokens/blob/master/SPXToken/mint%20interger%20overflow.md
ethereum — spadeico Spadeico is a smart contract running on Ethereum. The mint function has an integer overflow that allows minted tokens to be arbitrarily retrieved by the contract owner. CVE-2018-13132 https://github.com/dwfault/AirTokens/tree/master/SpadeICO
ethereum — spadepresale SpadePreSale is a smart contract running on Ethereum. The mint function has an integer overflow that allows minted tokens to be arbitrarily retrieved by the contract owner. CVE-2018-13131 https://github.com/dwfault/AirTokens/tree/master/SpadePreSale
ethereum — stex_exchange_ico_token The sell function of a smart contract implementation for STeX Exchange ICO (STE), an Ethereum token, has an integer overflow in which “amount * sellPrice” can be zero, consequently reducing a seller’s assets. CVE-2018-13198 https://github.com/BlockChainsSecurity/EtherTokens/tree/master/STE
ethereum — sumocoin_token The mintToken function of a smart contract implementation for sumocoin (SUMO), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13091 https://github.com/VenusADLab/EtherTokens/blob/master/sumocoin/sumocoin.md
ethereum — super_carbon_coin_token The mintToken function of a smart contract implementation for Super Carbon Coin (SCC), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13191 https://github.com/BlockChainsSecurity/EtherTokens/tree/master/SuperCarbonCoinToken
ethereum — swaptoken_token The sellBuyerTokens function of a smart contract implementation for SwapToken, an Ethereum token, has an integer overflow in which “amount * sellPrice” can be zero, consequently reducing a seller’s assets. CVE-2018-13203 https://github.com/BlockChainsSecurity/EtherTokens/tree/master/SwapToken
ethereum — t-swap-token The sell function of a smart contract implementation for T-Swap-Token (T-S-T), an Ethereum token, has an integer overflow in which “amount * sellPrice” can be zero, consequently reducing a seller’s assets. CVE-2018-13196 https://github.com/BlockChainsSecurity/EtherTokens/tree/master/TSwap
ethereum — titok-ticket_token The sell function of a smart contract implementation for TiTok – Ticket Token (Contract Name: MyAdvancedToken7), an Ethereum token, has an integer overflow in which “amount * sellPrice” can be zero, consequently reducing a seller’s assets. CVE-2018-13201 https://github.com/BlockChainsSecurity/EtherTokens/tree/master/MyAdvancedToken7
ethereum — tongtong_coin_token The mintToken function of a smart contract implementation for TongTong Coin (TTCoin), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13194 https://github.com/BlockChainsSecurity/EtherTokens/tree/master/TTCoin
ethereum — travelcoin_token The sell function of a smart contract implementation for TravelCoin (TRV), an Ethereum token, has an integer overflow in which “amount * sellPrice” can be zero, consequently reducing a seller’s assets. CVE-2018-13213 https://github.com/BlockChainsSecurity/EtherTokens/tree/master/TravelCoinToken
ethereum — travelzedi_token The mintToken function of a smart contract implementation for TravelZedi Token (ZEDI), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13184 https://github.com/BlockChainsSecurity/EtherTokens/tree/master/TravelZediToken
ethereum — troo_token The mintToken function of a smart contract implementation for Troo, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13181 https://github.com/BlockChainsSecurity/EtherTokens/tree/master/Troo
ethereum — trust_zen_token The mintToken function of a smart contract implementation for Trust Zen Token (ZEN), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13176 https://github.com/BlockChainsSecurity/EtherTokens/tree/master/TrustZen
ethereum — universal_coin_token The mintToken function of a smart contract implementation for Universal Coin (UCOIN), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13089 https://github.com/VenusADLab/EtherTokens/blob/master/UCoinToken/UCoinToken.md
ethereum — unolabo_token The mint function of a smart contract implementation for Unolabo (UNLB), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13189 https://github.com/BlockChainsSecurity/EtherTokens/tree/master/UNLB
ethereum — virtual_energy_units_token The sell function of a smart contract implementation for Virtual Energy Units (VEU) (Contract Name: VEU_TokenERC20), an Ethereum token, has an integer overflow in which “amount * sellPrice” can be zero, consequently reducing a seller’s assets. CVE-2018-13224 https://github.com/BlockChainsSecurity/EtherTokens/tree/master/TokenERC20
ethereum — welfare_token_fund_token The sell function of a smart contract implementation for Welfare Token Fund (WTF), an Ethereum token, has an integer overflow in which “amount * sellPrice” can be zero, consequently reducing a seller’s assets. CVE-2018-13197 https://github.com/BlockChainsSecurity/EtherTokens/tree/master/WelfareTokenFund
ethereum — yitongcoin_token The mintToken function of a smart contract implementation for YiTongCoin (YTC), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13090 https://github.com/VenusADLab/EtherTokens/blob/master/YiTongCoin/YiTongCoin.md
ethereum — ylctoken The sell function of a smart contract implementation for YLCToken, an Ethereum token, has an integer overflow in which “amount * sellPrice” can be zero, consequently reducing a seller’s assets. CVE-2018-13226 https://github.com/BlockChainsSecurity/EtherTokens/tree/master/YLCToken
ethereum — yourcoin_token The sell function of a smart contract implementation for YourCoin (ICO) (Contract Name: ETH033), an Ethereum token, has an integer overflow in which “amount * sellPrice” can be zero, consequently reducing a seller’s assets. CVE-2018-13219 https://github.com/BlockChainsSecurity/EtherTokens/tree/master/ETH033
ethereum — yu_gi_oh_token The mintToken function of a smart contract implementation for Yu Gi Oh (YGO) (Contract Name: NetkillerBatchToken), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13168 https://github.com/BlockChainsSecurity/EtherTokens/tree/master/NetkillerBatchToken
ethereum — yu_gi_oh_token The mintToken function of a smart contract implementation for Yu Gi Oh (YGO), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13167 https://github.com/BlockChainsSecurity/EtherTokens/tree/master/ygo