Category Archives: Blockchain

CVE-2024-7884 – Fix memory leak in CallFuture (6th Sep 2024)

Preface: The world’s first web-speed, internet-scale public blockchain. At the virtual event launching Sodium on September 30, 2022, the DFINITY Foundation will launch the Network Nervous System, an open algorithmic governance system that controlling the Internet computer. The event will also showcase in-depth technical material on advanced cryptography, consensus protocols, and token economics.

Background: Intercanister calls can be used to update information between two or more canisters.

ic-cdk : Inter-canister calls for the ICRC-1 ledger.

ledger-icrc-js : A library for interfacing with ICRC-1 ledger on the Internet Computer.

When you deploy the WebAssembly module that contains your program on the Internet Computer blockchain, the program is executed inside a conceptual computational unit called a canister. Canisters can be developed in various programming languages.

With respect to update calls, canisters are “software actors” and may only contain a single thread of execution at any time, obviating the need for concurrency primitives such as mutexes. However, when update calls block on cross-canister calls to other canisters, other update calls can be started or continued, allowing for interleaving.

Ref: In most cases, you use dfx canister subcommands after you compile a program to manage the canister lifecycle and to perform key tasks such as calling program functions. The basic syntax for running dfx canister commands is: dfx canister <subcommand> [options]

Vulnerability details: When a canister method is called via ic_cdk::call* , a new Future CallFuture is created and can be awaited by the caller to get the execution result. Internally, the state of the Future is tracked and stored in a struct called CallFutureState. A bug in the polling implementation of the CallFuture allows multiple references to be held for this internal state and not all references were dropped before the Future is resolved. Since we have unaccounted references held, a copy of the internal state ended up being persisted in the canister’s heap and thus causing a memory leak. Impact Canisters built in Rust with ic_cdk and ic_cdk_timers are affected. If these canisters call a canister method, use timers or heartbeat, they will likely leak a small amount of memory on every such operation. In the worst case, this could lead to heap memory exhaustion triggered by an attacker.

Official announcement: Please refer to the link for details – https://www.tenable.com/cve/CVE-2024-7884

Get closer look CVE-2024-39920: About “SnailLoad” issue (5-Jul-2024)

NVD Published Date: 07/03/2024

Preface: How is RTT measured in TCP? Measures the time from sending a packet to getting an acknowledgment packet from the target host.

Background: A new technology standard called “RFC 9293” was released on August 18, 2022.

Highlight:

-Acknowledgment Number:  32 bits – If the ACK control bit is set, this field contains the value of the next sequence number the sender of the segment is expecting to receive.  Once a connection is established, this is always sent.

-There are also methods of “fingerprinting” that can be used to infer the host TCP implementation (operating system) version or platform
information. These collect observations of several aspects, such as
the options present in segments, the ordering of options, the
specific behaviors in the case of various conditions, packet timing,
packet sizing, and other aspects of the protocol that are left to be
determined by an implementer, and can use those observations to
identify information about the host and implementation.

Vulnerability details: The TCP protocol in RFC 9293 has a timing side channel that makes it easier for remote attackers to infer the content of one TCP connection from a client system (to any server), when that client system is concurrently obtaining TCP data at a slow rate from an attacker-controlled server, aka the “SnailLoad” issue. For example, the attack can begin by measuring RTTs via the TCP segments whose role is to provide an ACK control bit and an Acknowledgment Number.

Official announcement: For detail, please refer to link – https://nvd.nist.gov/vuln/detail/CVE-2024-39920

CVE-2021-33403 – Lancer Token Ethereum ERC20 Token integer overflow (4-8-2021)

Preface: As of 4th Aug, 2021. There are 8106 unique holders of Lancer Token now on total amount 151 377 339,14 LNC.

Background: One of the most significant Ethereum tokens is known as ERC-20. ERC-20 tokens are issued on the Ethereum network. As of October 2019, more than 200,000 ERC-20-compatible tokens exist on Ethereum’s main network.

Vulnerability Details: An integer overflow in the transfer function of a smart contract implementation for Lancer Token, an Ethereum ERC20 token, allows the owner to cause unexpected financial losses between two large accounts during a transaction.

Reference: The attacker was able to pass a combination of input values that generate large results than the maximum value of uint256 data type can hold. It caused integer overflow and only the least significant bits have been retained. In other words, the uint256 variable reached to the maximum value that can be held and it wraps around by starting from 0. For example, an uint8 (8-bit unsigned integer) can represent maximum value of 28−1=255 (0xff). Multiplying 0x02 by 0x80 causes integer overflow and produces 0x00 as the result (0x02 * 0x80 = 0x100 => 0x00).

Reference article: Please refer to the following link – https://nvd.nist.gov/vuln/detail/CVE-2021-33403

CVE-2021-3195 Improper Input Validation of Dumpwallet (19th Mar 2021)

Preface: In 2020, the public doubts that Bitcoin may die. The fact is, his performance is strong.

Background: Dumpwallet capable to dump all wallet keys in a human-readable format to a server-side file. When you use dumpwallet, you should expect to see several thousand lines. If you have not imported any scripts, you should have the same number of key lines as script lines.
This is because each key has a segwit script. SegWit is the process by which the block size limit on a blockchain is increased by removing signature data from bitcoin transactions. BIP173 is a way to encode segwit transaction outputs. If you have imported any scripts such as multisig scripts or addresses which are not yours, then you will see those scripts in the script lines as well.

Vulnerability details: Bitcoind is the Bitcoin Core daemon. A design weakness found on dumpwallet. The bitcoind in Bitcoin Core through 0.21.0 can create a new file in an arbitrary directory (e.g., outside the ~/.bitcoin directory) via a dumpwallet RPC call.

Impact: Arbitrary code execution is possible if file created. It increase the insider threats risk level.

Status: No official announcement has been received stating that the bug has been fixed. For more details, please refer to the link – https://github.com/bitcoin/bitcoin/issues/20866

Coinbase acquisition hits controversial!

Preface: Coinbase announced that it had acquired Neutrino, a blockchain intelligence startup on Feb 2019. This acquisition aim to analyzing data on public blockchains, Neutrino will help us prevent theft of funds from peoples’ accounts, investigate ransomware attacks, and identify bad actors.

Market status: A tremendous worries by cryptocurrency users because the Neutrino (acquired company) run by Former Spyware Developers. And the Neutrinos key staff have been involved with Hacking Team.

Recalling memories: Do you still remember Italian surveillance company exploit CVE-2013-0633. The attacks Involving DaVinci. HackingTeam sold the zero-day exploit to the parties carrying out these attacks or if they acquired the zero-day exploit that allowed them to install DaVinci from a different source. Hacking team responsible the above action.

In the meantime, no further status update. Should you have interest of this news, please refer headline news by Bloomberg (see below): https://www.bloomberg.com/news/articles/2019-03-04/coinbase-risks-user-losses-after-buying-firm-with-spyware-ties?srnd=cybersecurity

Do we really need cryptocurrency or bitcoin?

Preface: A new survey out of China shows surging interest in the bitcoin and cryptocurrency, with many keen to invest in crypto in the future – said Forbes News.

Synopsis: The behaviour of human relies on banknotes perhaps will be replaced by another style of method substitution soon. It is hard to say that bitcoin is the substitution. But the new generation of technologies can tell. Retrospectively at the decades after the Second World War. The industrial civilization on Earth driven economic growth. Whereby it create a motivation power to payment industry. For instance Telex and SWIFT payment system. As a matter of fact, we have to admit that electronic payment become a the trend in future. As a matter of fact cryptocurrency or blockchain technology is on the way integrate to modern business world.

Prediction: On Feb 2019, JPMorgan became the first major United States bank to introduce its own digital token for real-world use (see below url).
https://www.nytimes.com/2019/02/14/business/dealbook/jpmorgan-cryptocurrency-bitcoin.html
Besides, the initiatives of smart city construction around the world. And believe that old fashion of payment concept and architecture should be replaced!

Ethereum carrier Solidity shield – Call abuse vulnerability (CVE-2018-14087)

An Integer Overflow is the condition that occurs when the result of an arithmetic operation, such as multiplication or addition, exceeds the maximum size of the integer type used to store it. Ethereum hits such vulnerability in frequent. The solidity programming language rescue Ethererum in the cryptocurrency world. But no prefect things in the world. A vulnerability found on Ethereum EUC token recently. The EUC token build by solidity programming language. The guru given his nick name “call abused” vulnerability. For details, please see below hyperlink for references.

Ethereum EUC Token (call abused) – CVE-2018-14087

https://github.com/rootclay/Audit-of-smart-contracts/tree/master/0x8810C63470d38639954c6B41AaC545848C46484a

Additional information – Ethereum integer overflow vulnerabilities

Ethereum aditus token (CV-2018-12959):

https://github.com/hellowuzekai/blockchains/blob/master/overflow2.md

Ethereum mkcb_token:

https://github.com/hellowuzekai/blockchains/blob/master/README.md

Ethereum singaporecoinorigin token:

https://github.com/hellowuzekai/blockchains/blob/master/overflow1.md

Ethereum stex white list token:

https://github.com/hellowuzekai/blockchains/blob/master/overflow3.md

Ethereum tracto token:

https://github.com/tracto2/Tracto-ERC20/issues/1

Ethereum virgo zodiactoken token:

https://github.com/hellowuzekai/blockchains/blob/master/transferFrom.md

Not belongs to integer overflow vulnerability:

Ethereum userwallet 0x0a7bca9fb7af-f26c6ed8029b-b6f0f5d291587c42 token:

https://github.com/hellowuzekai/blockchains/blob/master/delegatecall.md

Integer overflow weakness similar kill the Ethereum. But SafeMath to protect from overflows.

Integer overflow weakness similar kill the Ethereum – for more details, please see below (url):

Jul 2018 – Integer overflow may killed Ethereum!

But SafeMath to protect from overflows.

c >= a causes integer overflow happen

arithmetic: c=a+b-M (where M = 2**256 is the max unit256 plus one)

If c >=a replace to get a + b -M >=a

Cancelling and recording terms and get b >= M

Result: b is a uint256 and thus b < M

write an algebraic expression in a certain order. We start with the terms that have the largest exponents and work our way down to the constants. Using the commutative property of addition, we can rearrange the terms and put this expression in correct order, like this.

Reference:
Before you evaluate an algebraic expression, you need to simplify it. This will make all your calculations much easier. Here are the basic steps to follow to simplify an algebraic expression:

remove parentheses by multiplying factors
use exponent rules to remove parentheses in terms with exponents
combine like terms by adding coefficients
combine the constants

http://www.math.com/school/subject2/lessons/S2U2L5DP.html

How does the SafeMath library of OpenZeppelin protect your code from integer overflow?

https://ethereum.stackexchange.com/questions/38525/how-does-the-safemath-library-of-openzeppelin-protect-your-code-from-integer-ove?rq=1

Jul 2018 – Integer overflow may killed Ethereum!

 

Quote:
Attacker passes int greater than max (positive)
–> value wraps around to the min (negative!)

Can cause unexpected program behavior, possible buffer overflow exploits

The existing market cap of Ether (ETH) is more than Ripple and Litecoin, although it’s far behind Bitcoin (BTC). Ethereum contains potential market power. But integer overflow is the enemy of Ethereum. It is possible to scare the investor when related incident occurs.

What is the modulus in math?
Notice that the numbers on the clock go up to twelve, and then they start over.
In mathematics, this circular counting is called modular arithmetic, and the number 12 in this example is called a modulus.

Above theory bring  an idea that when modulus reach limit then it will reset to zero.

For instance, the owner of the smartcontract could set sellPrice and buyPrice using setPrices() function. For example, after some transactions, the owner could set sellPrice to 0x8000000000000000000000000000000000000000000000000000000000000000 (modulus). When some user wanted to sell 2 ETCBKs for ETHs back,amount * sellPrice equals 0. Thus the seller gave out 2 ETCBKs but none ETHs was retrieved. The contract still kept it, which makes this token unsafe. An overflow condition gives incorrect results and, particularly if the possibility has not been anticipated, can compromise a program’s reliability and security.

Theoretically, the programming language contain “Safe Math” can protect integer overflow/underflow won’t happen.

Below table of contents displayed the Integer overflow handling status in various programming languages.

 

Integer overflow handling in various programming languages
Language
Unsigned integer Signed integer
Ada modulo the type’s modulus raise Constraint_Error
C/C++ modulo power of two undefined behavior
C# modulo power of 2 in unchecked context; System.OverflowException is raised in checked cont
Java N/A modulo power of two
JavaScript all numbers are double-precision floating-point
MATLAB Builtin integers saturate. Fixed-point integers configurable to wrap or saturate
Python 2 N/A convert to long type (bigint)
Seed7 N/A raise OVERFLOW_ERROR
Scheme N/A convert to bigNum
Simulink configurable to wrap or saturate
Smalltalk N/A convert to LargeInteger
Swift Causes error unless using special overflow operato

This could happen whenever you are doing arithmetic operations such as + , – , * . When using the SafeMath library, the results of this operations will be checked and an error will be thrown stopping the execution of your smart contract.

Solidity can doing the magic

With Solidity feature, you can call the public functions defined by your library.  The SafeMath library to protect from inputs that could make your contract do unexpected things after overflow or underflow leading arithmetic operations.

Perhaps former cryptocurrency not used Solidity library and there it is possible let attacker conduct the integer overflow attacks. Below is the most update CVE status on Jul 2018.

 

ethereum — aichain_token The mintToken function of a smart contract implementation for AIChain, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13175 https://github.com/BlockChainsSecurity/EtherTokens/tree/master/AIChain
ethereum — air-contact_token The mintToken function of a smart contract implementation for Air-Contact Token (AIR), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13179 https://github.com/BlockChainsSecurity/EtherTokens/tree/master/AirContactToken
ethereum — alex_token The mintToken function of a smart contract implementation for ALEX, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13162 https://github.com/BlockChainsSecurity/EtherTokens/tree/master/ALEX%20%28ALEX%29
ethereum — appcoins_token The mintToken function of a smart contract implementation for appcoins (APPC), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13185 https://github.com/BlockChainsSecurity/EtherTokens/tree/master/appcoins
ethereum — assettoken The mintToken function of a smart contract implementation for AssetToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13158 https://github.com/BlockChainsSecurity/EtherTokens/tree/master/AssetToken
ethereum — athleticoin_token The mintToken function of a smart contract implementation for AthletiCoin (ATHA), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13166 https://github.com/BlockChainsSecurity/EtherTokens/tree/master/AthletiCoin
ethereum — atlant_token ATLANT (ATL) is a smart contract running on Ethereum. The mint function has an integer overflow that allows minted tokens to be arbitrarily retrieved by the contract owner. CVE-2018-11429 https://github.com/dwfault/AirTokens/tree/master/ATLANT
ethereum — azuriontoken The mintToken function of a smart contract implementation for AzurionToken (AZU), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13068 https://github.com/VenusADLab/EtherTokens/blob/master/AzurionToken/AzurionToken.md
ethereum — bankcoin_token The mintToken function of a smart contract implementation for bankcoin (BNK), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13159 https://github.com/BlockChainsSecurity/EtherTokens/tree/master/bankcoin
ethereum — betcash_token The mintToken function of a smart contract implementation for Betcash (BC), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13076 https://github.com/VenusADLab/EtherTokens/blob/master/Betcash/Betcash.md
ethereum — bitotal_token Bitotal (TFUND) is a smart contract running on Ethereum. The mintTokens function has an integer overflow that allows minted tokens to be arbitrarily retrieved by the contract owner. CVE-2018-13130 https://github.com/dwfault/AirTokens/tree/master/Bitotal
ethereum — bittelux_token The transfer and transferFrom functions of a smart contract implementation for Bittelux (BTX), an Ethereum token, have an integer overflow. CVE-2018-13326 https://github.com/safecomet/EtherTokens/blob/master/Bittelux%20%28BTX%29/Bittelux%20%28BTX%29.md
ethereum — bonustoken The mintToken function of a smart contract implementation for bonusToken (BNS), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13156 https://github.com/BlockChainsSecurity/EtherTokens/tree/master/bonusToken
ethereum — bzxcoin_token The mintToken function of a smart contract implementation for bzxcoin (BZX), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13172 https://github.com/BlockChainsSecurity/EtherTokens/tree/master/bzxcoin
ethereum — carbon_exchange_coin_token The mintToken function of a smart contract implementation for Carbon Exchange Coin Token (CEC), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13075 https://github.com/VenusADLab/EtherTokens/blob/master/CarbonExchangeCoinToken/CarbonExchangeCoinToken.md
ethereum — ccindex10_token The mintToken function of a smart contract implementation for CCindex10 (T10), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13071 https://github.com/VenusADLab/EtherTokens/blob/master/CCindexToken/CCindexToken.md
ethereum — chuchulingaigo_token The transfer and transferFrom functions of a smart contract implementation for ChuCunLingAIGO (CCLAG), an Ethereum token, have an integer overflow. CVE-2018-13327 https://github.com/safecomet/EtherTokens/blob/master/ChuCunLingAIGO%20%28CCLAG%29/ChuCunLingAIGO%20%28CCLAG%29.md
ethereum — cibn_live_token The mintToken function of a smart contract implementation for CIBN Live Token (CIBN LIVE), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13187 https://github.com/BlockChainsSecurity/EtherTokens/tree/master/CIBNLiveInteractiveToken
ethereum — coffeecoin_token The mintToken function of a smart contract implementation for Coffeecoin (COFFEE), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13072 https://github.com/VenusADLab/EtherTokens/blob/master/Coffeecoin/Coffeecoin.md
ethereum — coinstar_token The mintToken function of a smart contract implementation for Coinstar (CSTR), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13087 https://github.com/VenusADLab/EtherTokens/blob/master/MyAdvancedToken/MyAdvancedToken.md
ethereum — cointoken The sell function of a smart contract implementation for CoinToken, an Ethereum token, has an integer overflow in which “amount * sellPrice” can be zero, consequently reducing a seller’s assets. CVE-2018-13217 https://github.com/BlockChainsSecurity/EtherTokens/tree/master/CoinToken
ethereum — cranoo_token The mintToken function of a smart contract implementation for Cranoo (CRN), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13195 https://github.com/BlockChainsSecurity/EtherTokens/tree/master/CranooAdvanced
ethereum — crowdnext_token The sell function of a smart contract implementation for Crowdnext (CNX), an Ethereum token, has an integer overflow in which “amount * sellPrice” can be zero, consequently reducing a seller’s assets. CVE-2018-13228 https://github.com/BlockChainsSecurity/EtherTokens/tree/master/Crowdnext
ethereum — cryptoabs_token The mintToken function of a smart contract implementation for CryptoABS (ABS), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13174 https://github.com/BlockChainsSecurity/EtherTokens/tree/master/CryptoABS
ethereum — cryptonitexcoin_token The mintToken function of a smart contract implementation for CryptonitexCoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13157 https://github.com/BlockChainsSecurity/EtherTokens/tree/master/CryptonitexCoin
ethereum — ctb_token The mintToken function of a smart contract implementation for CTB, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13077 https://github.com/VenusADLab/EtherTokens/blob/master/CTB/CTB.md
ethereum — dateme_token The sell function of a smart contract implementation for DateMe (DMX) (Contract Name: ProgressiveToken), an Ethereum token, has an integer overflow in which “amount * sellPrice” can be zero, consequently reducing a seller’s assets. CVE-2018-13200 https://github.com/BlockChainsSecurity/EtherTokens/tree/master/ProgressiveToken
ethereum — destineed_token The sell function of a smart contract implementation for DestiNeed (DSN), an Ethereum token, has an integer overflow in which “amount * sellPrice” can be zero, consequently reducing a seller’s assets. CVE-2018-13230 https://github.com/BlockChainsSecurity/EtherTokens/tree/master/DestiNeedToken
ethereum — dvchain_token The mintToken function of a smart contract implementation for DVChain, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13190 https://github.com/BlockChainsSecurity/EtherTokens/tree/master/DVChain
ethereum — dychain_token The mintToken function of a smart contract implementation for DYchain (DYC), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13069 https://github.com/VenusADLab/EtherTokens/blob/master/DYC/DYC.md
ethereum — easy_trading_token The transfer and transferFrom functions of a smart contract implementation for Easy Trading Token (ETT), an Ethereum token, have an integer overflow. CVE-2018-13113 https://github.com/safecomet/EtherTokens/tree/master/Easy%20Trading%20Token%20%28ETT%29
ethereum — ectoints_token The mintToken function of a smart contract implementation for ECToints (ECT) (Contract Name: ECPoints), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13178 https://github.com/BlockChainsSecurity/EtherTokens/tree/master/ECPoints
ethereum — eliteshippertoken The mintToken function of a smart contract implementation for EliteShipperToken (ESHIP), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13173 https://github.com/BlockChainsSecurity/EtherTokens/tree/master/EliteShipperToken
ethereum — encryptedtoken The mintToken function of a smart contract implementation for EncryptedToken (ECC), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13070 https://github.com/VenusADLab/EtherTokens/blob/master/EncryptedToken/EncryptedToken.md
ethereum — enter_token The sell function of a smart contract implementation for ENTER (ENTR) (Contract Name: EnterToken), an Ethereum token, has an integer overflow in which “amount * sellPrice” can be zero, consequently reducing a seller’s assets. CVE-2018-13231 https://github.com/BlockChainsSecurity/EtherTokens/tree/master/EnterToken
ethereum — enter_token The sell function of a smart contract implementation for ENTER (ENTR) (Contract Name: EnterCoin), an Ethereum token, has an integer overflow in which “amount * sellPrice” can be zero, consequently reducing a seller’s assets. CVE-2018-13232 https://github.com/BlockChainsSecurity/EtherTokens/tree/master/EnterCoin
ethereum — eppcoin_token The mintToken function of a smart contract implementation for EPPCOIN (EPP), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13164 https://github.com/BlockChainsSecurity/EtherTokens/tree/master/MyEPPToken
ethereum — ethercash_token The sell function of a smart contract implementation for ETHERCASH (ETC), an Ethereum token, has an integer overflow in which “amount * sellPrice” can be zero, consequently reducing a seller’s assets. CVE-2018-13204 https://github.com/BlockChainsSecurity/EtherTokens/tree/master/ETHERCASH
ethereum — ethereum_cash_pro_token The mintToken function of a smart contract implementation for Ethereum Cash Pro (ECP), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13169 https://github.com/BlockChainsSecurity/EtherTokens/tree/master/Ethereum_Cash_Pro_Coin
ethereum — ethereumblack_token The mintToken function of a smart contract implementation for ETHEREUMBLACK (ETCBK), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13073 https://github.com/VenusADLab/EtherTokens/blob/master/ETHEREUMBLACK/ETHEREUMBLACK.md
ethereum — ethereumblack_token The sell function of a smart contract implementation for ETHEREUMBLACK (ETCBK), an Ethereum token, has an integer overflow in which “amount * sellPrice” can be zero, consequently reducing a seller’s assets. CVE-2018-13199 https://github.com/BlockChainsSecurity/EtherTokens/blob/master/ETHEREUMBLACK/sell%20integer%20overflow.md
ethereum — ethereumlegit_token The sell function of a smart contract implementation for EthereumLegit, an Ethereum token, has an integer overflow in which “amount * sellPrice” can be zero, consequently reducing a seller’s assets. CVE-2018-13212 https://github.com/BlockChainsSecurity/EtherTokens/tree/master/EthereumLegit
ethereum — ethernet_cash_token The mintToken function of a smart contract implementation for Ethernet Cash (ENC), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13163 https://github.com/BlockChainsSecurity/EtherTokens/tree/master/Ethernet%20Cash%20%28ENC%29
ethereum — etherty_token Etherty Token (ETY) is a smart contract running on Ethereum. The mint function has an integer overflow that allows minted tokens to be arbitrarily retrieved by the contract owner. CVE-2018-13128 https://github.com/dwfault/AirTokens/tree/master/ETY
ethereum — etktokens The mintToken function of a smart contract implementation for etktokens (ETK), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13160 https://github.com/BlockChainsSecurity/EtherTokens/tree/master/etktokens
ethereum — extreme_coin_token The sell function of a smart contract implementation for Extreme Coin (XT) (Contract Name: ExtremeToken), an Ethereum token, has an integer overflow in which “amount * sellPrice” can be zero, consequently reducing a seller’s assets. CVE-2018-13221 https://github.com/BlockChainsSecurity/EtherTokens/tree/master/ExtremeToken
ethereum — fibtoken The mintToken function of a smart contract implementation for FIBToken (FIB), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13074 https://github.com/VenusADLab/EtherTokens/blob/master/FIBToken/FIBToken.md
ethereum — freecoin_token The mintToken function of a smart contract implementation for FreeCoin (FREE), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13085 https://github.com/VenusADLab/EtherTokens/blob/master/FreeCoin/FreeCoin.md
ethereum — futures_pease_token The mintToken function of a smart contract implementation for Futures Pease (FP), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13088 https://github.com/VenusADLab/EtherTokens/blob/master/TokenERC20/TokenERC20.md
ethereum — gemchain_token The mintToken function of a smart contract implementation for GEMCHAIN (GEM), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13155 https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md
ethereum — gmile_token The sell function of a smart contract implementation for GMile, an Ethereum token, has an integer overflow in which “amount * sellPrice” can be zero, consequently reducing a seller’s assets. CVE-2018-13214 https://github.com/BlockChainsSecurity/EtherTokens/tree/master/GMile
ethereum — go_ethereum The GetBlockHeadersMsg handler in the LES protocol implementation in Go Ethereum (aka geth) before 1.8.11 may lead to an access violation because of an integer signedness error for the array index, which allows attackers to launch a Denial of Service attack by sending a packet with a -1 query.Skip value. The vulnerable remote node would be crashed by such an attack immediately, aka the EPoD (Ethereum Packet of Death) issue. CVE-2018-12018 https://github.com/ethereum/go-ethereum/releases/tag/v1.8.11
ethereum — good_time_coin_token The mintToken function of a smart contract implementation for Good Time Coin (GTY), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13084 https://github.com/VenusADLab/EtherTokens/blob/master/GoodTimeCoin/GoodTimeCoin.md
ethereum — goodto_token The mintToken function of a smart contract implementation for GoodTo (GTO), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13079 https://github.com/VenusADLab/EtherTokens/blob/master/GoodTo/GoodTo.md
ethereum — goutex_token The mintToken function of a smart contract implementation for Goutex (GTX), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13080 https://github.com/VenusADLab/EtherTokens/blob/master/Goutex/Goutex.md
ethereum — greenmed_token The sell function of a smart contract implementation for GreenMed (GRMD), an Ethereum token, has an integer overflow in which “amount * sellPrice” can be zero, consequently reducing a seller’s assets. CVE-2018-13216 https://github.com/BlockChainsSecurity/EtherTokens/tree/master/GreenMed
ethereum — growchain_token The _sell function of a smart contract implementation for GROWCHAIN (GROW), an Ethereum token, has an integer overflow. CVE-2018-13325 https://github.com/safecomet/EtherTokens/blob/master/GROWCHAIN%20%28GROW%29/GROWCHAIN%20%28GROW%29.md
ethereum — gsi_token The sell function of a smart contract implementation for GSI, an Ethereum token, has an integer overflow in which “amount * sellPrice” can be zero, consequently reducing a seller’s assets. CVE-2018-13233 https://github.com/BlockChainsSecurity/EtherTokens/tree/master/GSI
ethereum — gvtoken_genesis_vision GVToken Genesis Vision (GVT) is a smart contract running on Ethereum. The mint function has an integer overflow that allows minted tokens to be arbitrarily retrieved by the contract owner. CVE-2018-11335 https://github.com/dwfault/AirTokens/tree/master/GVT
ethereum — gzs_token The mintToken function of a smart contract implementation for GZS Token (GZS), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13081 https://github.com/VenusADLab/EtherTokens/blob/master/GZSToken/GZSToken.md
ethereum — hentaisolo_token The mintToken function of a smart contract implementation for hentaisolo (HAO), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13193 https://github.com/BlockChainsSecurity/EtherTokens/tree/master/hentaisolo
ethereum — iadowr_coin_token The mintToken function of a smart contract implementation for IADOWR Coin (IAD), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13086 https://github.com/VenusADLab/EtherTokens/blob/master/IADOWR/IADOWR.md
ethereum — ico_dollar_token The sell function of a smart contract implementation for ICO Dollar (ICOD), an Ethereum token, has an integer overflow in which “amount * sellPrice” can be zero, consequently reducing a seller’s assets. CVE-2018-13218 https://github.com/BlockChainsSecurity/EtherTokens/tree/master/ICODollar
ethereum — imm_coin_token The mintToken function of a smart contract implementation for IMM Coin (IMC), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13180 https://github.com/BlockChainsSecurity/EtherTokens/tree/master/IMMCoin
ethereum — javaswaptest_token The mintToken function of a smart contract implementation for JavaSwapTest (JST), an Ethereum token, has an integer overflow. CVE-2018-13145 https://github.com/safecomet/EtherTokens/blob/master/JavaSwapTest%20%28JST%29/JavaSwapTest%20%28JST%29.md
ethereum — jitech_token The mintToken function of a smart contract implementation for Jitech (JTH), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13078 https://github.com/VenusADLab/EtherTokens/blob/master/Jitech/Jitech.md
ethereum — jobscoin_token The mintToken function of a smart contract implementation for Jobscoin (JOB), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13192 https://github.com/BlockChainsSecurity/EtherTokens/tree/master/Jobscoin
ethereum — justdcoin_token The mintToken function of a smart contract implementation for JustDCoin (JustD), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13165 https://github.com/BlockChainsSecurity/EtherTokens/tree/master/DCoin
ethereum — jwc_token The mintToken function of a smart contract implementation for JWC, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13183 https://github.com/BlockChainsSecurity/EtherTokens/tree/master/JWCToken
ethereum — ladatoken_token The mintToken function of a smart contract implementation for LadaToken (LDT), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13171 https://github.com/BlockChainsSecurity/EtherTokens/tree/master/LadaToken
ethereum — lef_token The mintToken, buy, and sell functions of a smart contract implementation for LEF, an Ethereum token, have an integer overflow. CVE-2018-13146 https://github.com/safecomet/EtherTokens/blob/master/LEF%20%28LEF%29/LEF%20%28LEF%29.md
ethereum — link_platform_token The mint function of a smart contract implementation for Link Platform (LNK), an Ethereum ERC20 token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13041 https://github.com/dwfault/AirTokens/blob/master/Link_Platform__LNK_/mint%20integer%20overflow.md
ethereum — loncoin_token The mintToken function of a smart contract implementation for loncoin (LON), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13182 https://github.com/BlockChainsSecurity/EtherTokens/tree/master/loncoin
ethereum — mavcash_token The sell function of a smart contract implementation for MAVCash, an Ethereum token, has an integer overflow in which “amount * sellPrice” can be zero, consequently reducing a seller’s assets. CVE-2018-13220 https://github.com/BlockChainsSecurity/EtherTokens/tree/master/MAVCash
ethereum — miningrigrentals_token The mintToken function of a smart contract implementation for MiningRigRentals Token (MRR), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13177 https://github.com/BlockChainsSecurity/EtherTokens/tree/master/MiningRigRentalsToken
ethereum — mmtcoin_token The mintToken function of a smart contract implementation for MMTCoin (MMT), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13186 https://github.com/BlockChainsSecurity/EtherTokens/tree/master/MMTCoinToken
ethereum — modi_token The mintToken function of a smart contract implementation for MODI Token (MODI), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13082 https://github.com/VenusADLab/EtherTokens/blob/master/ModiTokenERC20/ModiTokenERC20.md
ethereum — moneychainnet_token The sell function of a smart contract implementation for MoneyChainNet (MCN), an Ethereum token, has an integer overflow in which “amount * sellPrice” can be zero, consequently reducing a seller’s assets. CVE-2018-13227 https://github.com/BlockChainsSecurity/EtherTokens/tree/master/MoneyChainNetToken
ethereum — moneytree_token The sell function of a smart contract implementation for MoneyTree (TREE), an Ethereum token, has an integer overflow in which “amount * sellPrice” can be zero, consequently reducing a seller’s assets. CVE-2018-13208 https://github.com/BlockChainsSecurity/EtherTokens/tree/master/MoneyTreeToken
ethereum — moxyonepresale MoxyOnePresale is a smart contract running on Ethereum. The mint function has an integer overflow that allows minted tokens to be arbitrarily retrieved by the contract owner. CVE-2018-13126 https://github.com/dwfault/AirTokens/tree/master/MoxyOnePresale
ethereum — multigames_token The mintToken function of a smart contract implementation for MultiGames (MLT), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13161 https://github.com/BlockChainsSecurity/EtherTokens/tree/master/MultiGamesToken
ethereum — mybo_token The sell function of a smart contract implementation for MyBO, an Ethereum token, has an integer overflow in which “amount * sellPrice” can be zero, consequently reducing a seller’s assets. CVE-2018-13202 https://github.com/BlockChainsSecurity/EtherTokens/tree/master/MyBoToken
ethereum — mybo_token The mintToken function of a smart contract implementation for MyBO, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13188 https://github.com/BlockChainsSecurity/EtherTokens/tree/master/MyBoToken
ethereum — mytoken The sell function of a smart contract implementation for MyToken, an Ethereum token, has an integer overflow in which “amount * sellPrice” can be zero, consequently reducing a seller’s assets. CVE-2018-13211 https://github.com/BlockChainsSecurity/EtherTokens/tree/master/MyToken
ethereum — myylc_token The sell function of a smart contract implementation for MyYLC, an Ethereum token, has an integer overflow in which “amount * sellPrice” can be zero, consequently reducing a seller’s assets. CVE-2018-13225 https://github.com/BlockChainsSecurity/EtherTokens/tree/master/MyYLCToken
ethereum — nectar_token The sell function of a smart contract implementation for Nectar (NCTR), an Ethereum token, has an integer overflow in which “amount * sellPrice” can be zero, consequently reducing a seller’s assets. CVE-2018-13209 https://github.com/BlockChainsSecurity/EtherTokens/tree/master/NectarCoin
ethereum — objecttoken_token The sell function of a smart contract implementation for ObjectToken (OBJ), an Ethereum token, has an integer overflow in which “amount * sellPrice” can be zero, consequently reducing a seller’s assets. CVE-2018-13222 https://github.com/BlockChainsSecurity/EtherTokens/tree/master/ObjectToken
ethereum — ohni_2_token The sell function of a smart contract implementation for ohni_2 (OHNI), an Ethereum token, has an integer overflow in which “amount * sellPrice” can be zero, consequently reducing a seller’s assets. CVE-2018-13205 https://github.com/BlockChainsSecurity/EtherTokens/tree/master/Ohni
ethereum — pandora_token The transfer and transferFrom functions of a smart contract implementation for Pandora (PDX), an Ethereum token, have an integer overflow. CVE-2018-13144 https://github.com/safecomet/EtherTokens/blob/master/Pandora%20%28PDX%29/Pandora%20%28PDX%29.md
ethereum — pfgc_token The transfer, transferFrom, and mint functions of a smart contract implementation for PFGc, an Ethereum token, have an integer overflow. CVE-2018-13328 https://github.com/safecomet/EtherTokens/blob/master/PFGc%20%28PFGc%29/PFGc%20%28PFGc%29.md
ethereum — plaza_token The mintToken function of a smart contract implementation for Plaza Token (PLAZA), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13083 https://github.com/VenusADLab/EtherTokens/blob/master/PlazaToken/PlazaToken.md
ethereum — porncoin_token The sell function of a smart contract implementation for PornCoin (PRNC), an Ethereum token, has an integer overflow in which “amount * sellPrice” can be zero, consequently reducing a seller’s assets. CVE-2018-13207 https://github.com/BlockChainsSecurity/EtherTokens/tree/master/PornCoin
ethereum — providence_crypto_casino_token The sell function of a smart contract implementation for Providence Crypto Casino (PVE) (Contract Name: ProvidenceCasinoToken), an Ethereum token, has an integer overflow in which “amount * sellPrice” can be zero, consequently reducing a seller’s assets. CVE-2018-13210 https://github.com/BlockChainsSecurity/EtherTokens/tree/master/ProvidenceCasinoToken
ethereum — providencecasino_token The sell function of a smart contract implementation for ProvidenceCasino (PVE), an Ethereum token, has an integer overflow in which “amount * sellPrice” can be zero, consequently reducing a seller’s assets. CVE-2018-13206 https://github.com/BlockChainsSecurity/EtherTokens/tree/master/PVE
ethereum — r_time_token The sell function of a smart contract implementation for R Time Token v3 (RS) (Contract Name: RTokenMain), an Ethereum token, has an integer overflow in which “amount * sellPrice” can be zero, consequently reducing a seller’s assets. CVE-2018-13223 https://github.com/BlockChainsSecurity/EtherTokens/tree/master/RTokenMain
ethereum — reimburse_token The mintToken function of a smart contract implementation for Reimburse Token (REIM), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13092 https://github.com/VenusADLab/EtherTokens/blob/master/ReimburseToken/ReimburseToken.md
ethereum — ribtidecoin_token The sell function of a smart contract implementation for RiptideCoin (RIPT), an Ethereum token, has an integer overflow in which “amount * sellPrice” can be zero, consequently reducing a seller’s assets. CVE-2018-13229 https://github.com/BlockChainsSecurity/EtherTokens/tree/master/RiptideCoin
ethereum — sample_token The sell function of a smart contract implementation for Sample Token (STK) (Contract Name: cashBackMintable), an Ethereum token, has an integer overflow in which “amount * sellPrice” can be zero, consequently reducing a seller’s assets. CVE-2018-13215 https://github.com/BlockChainsSecurity/EtherTokens/tree/master/cashBackMintable
ethereum — snoqualmie_coin_token The mintToken function of a smart contract implementation for Snoqualmie Coin (SNOW), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13170 https://github.com/BlockChainsSecurity/EtherTokens/tree/master/SnoqualmieCoin
ethereum — sp8de_presale_token SP8DE PreSale Token (DSPX) is a smart contract running on Ethereum. The mint function has an integer overflow that allows minted tokens to be arbitrarily retrieved by the contract owner. CVE-2018-13127 https://github.com/dwfault/AirTokens/tree/master/DSPX
ethereum — sp8de_token SP8DE Token (SPX) is a smart contract running on Ethereum. The mint function has an integer overflow that allows minted tokens to be arbitrarily retrieved by the contract owner. CVE-2018-13129 https://github.com/dwfault/AirTokens/blob/master/SPXToken/mint%20interger%20overflow.md
ethereum — spadeico Spadeico is a smart contract running on Ethereum. The mint function has an integer overflow that allows minted tokens to be arbitrarily retrieved by the contract owner. CVE-2018-13132 https://github.com/dwfault/AirTokens/tree/master/SpadeICO
ethereum — spadepresale SpadePreSale is a smart contract running on Ethereum. The mint function has an integer overflow that allows minted tokens to be arbitrarily retrieved by the contract owner. CVE-2018-13131 https://github.com/dwfault/AirTokens/tree/master/SpadePreSale
ethereum — stex_exchange_ico_token The sell function of a smart contract implementation for STeX Exchange ICO (STE), an Ethereum token, has an integer overflow in which “amount * sellPrice” can be zero, consequently reducing a seller’s assets. CVE-2018-13198 https://github.com/BlockChainsSecurity/EtherTokens/tree/master/STE
ethereum — sumocoin_token The mintToken function of a smart contract implementation for sumocoin (SUMO), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13091 https://github.com/VenusADLab/EtherTokens/blob/master/sumocoin/sumocoin.md
ethereum — super_carbon_coin_token The mintToken function of a smart contract implementation for Super Carbon Coin (SCC), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13191 https://github.com/BlockChainsSecurity/EtherTokens/tree/master/SuperCarbonCoinToken
ethereum — swaptoken_token The sellBuyerTokens function of a smart contract implementation for SwapToken, an Ethereum token, has an integer overflow in which “amount * sellPrice” can be zero, consequently reducing a seller’s assets. CVE-2018-13203 https://github.com/BlockChainsSecurity/EtherTokens/tree/master/SwapToken
ethereum — t-swap-token The sell function of a smart contract implementation for T-Swap-Token (T-S-T), an Ethereum token, has an integer overflow in which “amount * sellPrice” can be zero, consequently reducing a seller’s assets. CVE-2018-13196 https://github.com/BlockChainsSecurity/EtherTokens/tree/master/TSwap
ethereum — titok-ticket_token The sell function of a smart contract implementation for TiTok – Ticket Token (Contract Name: MyAdvancedToken7), an Ethereum token, has an integer overflow in which “amount * sellPrice” can be zero, consequently reducing a seller’s assets. CVE-2018-13201 https://github.com/BlockChainsSecurity/EtherTokens/tree/master/MyAdvancedToken7
ethereum — tongtong_coin_token The mintToken function of a smart contract implementation for TongTong Coin (TTCoin), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13194 https://github.com/BlockChainsSecurity/EtherTokens/tree/master/TTCoin
ethereum — travelcoin_token The sell function of a smart contract implementation for TravelCoin (TRV), an Ethereum token, has an integer overflow in which “amount * sellPrice” can be zero, consequently reducing a seller’s assets. CVE-2018-13213 https://github.com/BlockChainsSecurity/EtherTokens/tree/master/TravelCoinToken
ethereum — travelzedi_token The mintToken function of a smart contract implementation for TravelZedi Token (ZEDI), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13184 https://github.com/BlockChainsSecurity/EtherTokens/tree/master/TravelZediToken
ethereum — troo_token The mintToken function of a smart contract implementation for Troo, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13181 https://github.com/BlockChainsSecurity/EtherTokens/tree/master/Troo
ethereum — trust_zen_token The mintToken function of a smart contract implementation for Trust Zen Token (ZEN), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13176 https://github.com/BlockChainsSecurity/EtherTokens/tree/master/TrustZen
ethereum — universal_coin_token The mintToken function of a smart contract implementation for Universal Coin (UCOIN), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13089 https://github.com/VenusADLab/EtherTokens/blob/master/UCoinToken/UCoinToken.md
ethereum — unolabo_token The mint function of a smart contract implementation for Unolabo (UNLB), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13189 https://github.com/BlockChainsSecurity/EtherTokens/tree/master/UNLB
ethereum — virtual_energy_units_token The sell function of a smart contract implementation for Virtual Energy Units (VEU) (Contract Name: VEU_TokenERC20), an Ethereum token, has an integer overflow in which “amount * sellPrice” can be zero, consequently reducing a seller’s assets. CVE-2018-13224 https://github.com/BlockChainsSecurity/EtherTokens/tree/master/TokenERC20
ethereum — welfare_token_fund_token The sell function of a smart contract implementation for Welfare Token Fund (WTF), an Ethereum token, has an integer overflow in which “amount * sellPrice” can be zero, consequently reducing a seller’s assets. CVE-2018-13197 https://github.com/BlockChainsSecurity/EtherTokens/tree/master/WelfareTokenFund
ethereum — yitongcoin_token The mintToken function of a smart contract implementation for YiTongCoin (YTC), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13090 https://github.com/VenusADLab/EtherTokens/blob/master/YiTongCoin/YiTongCoin.md
ethereum — ylctoken The sell function of a smart contract implementation for YLCToken, an Ethereum token, has an integer overflow in which “amount * sellPrice” can be zero, consequently reducing a seller’s assets. CVE-2018-13226 https://github.com/BlockChainsSecurity/EtherTokens/tree/master/YLCToken
ethereum — yourcoin_token The sell function of a smart contract implementation for YourCoin (ICO) (Contract Name: ETH033), an Ethereum token, has an integer overflow in which “amount * sellPrice” can be zero, consequently reducing a seller’s assets. CVE-2018-13219 https://github.com/BlockChainsSecurity/EtherTokens/tree/master/ETH033
ethereum — yu_gi_oh_token The mintToken function of a smart contract implementation for Yu Gi Oh (YGO) (Contract Name: NetkillerBatchToken), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13168 https://github.com/BlockChainsSecurity/EtherTokens/tree/master/NetkillerBatchToken
ethereum — yu_gi_oh_token The mintToken function of a smart contract implementation for Yu Gi Oh (YGO), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. CVE-2018-13167 https://github.com/BlockChainsSecurity/EtherTokens/tree/master/ygo

 

Vault 7 re-engineering by hacker. They are aim to steal the cryptocurrency.

As far as we know, Notepad++ has been updated to version 7.3.3. It aim to remediate a vulnerability on notepad. Such vulnerability exploit by law enforcement to do the survillance. The specifics annoucement released by WikiLweaks on 2017 so called Vault 7.
Wanna Cry Ransomware technology re-emngineering of Microsoft SMB weakness and jepodizing the world. It wreak havoc in cyber security world in 1st quarter in 2018.
Cryptocurrency technology proud of their design concept and technology and claimed that it can reduced the cyber attack in fundemental concept. The reality is that the total no of data breaches or money losts not less than traditional technology architecture. What’s the root causes let distrbuted technogy demote their cyber security in scanario today.
Per observation, cryptocurrency system limitation occurs in endpoint devices in frequent. From technical point of view, the zero day of attack is hard to avoid in personal computer user end point devices( mobile phone, notebook and desktop). A hints as usual inform cryptocurrency owner stayed alert. As a matter of fact, nowadays antivirus can keep secure of your system. Please make sure your virus signature is up to date.

2.3 Million Cryptocurrency Addresses Monitored by Clipboard Hijacking Malware headline news (see below):

https://www.blockchainnews.buzz/2018/07/01/2-3-million-cryptocurrency-addresses-monitored-by-clipboard-hijacking-malware/