[prev in list] [next in list] [prev in thread] [next in thread]
List: full-disclosure
Subject: [FD] Integer overflow in SunContract
From: 姚 <zhihua.yao () dbappsecurity ! com ! cn>
Date: 2018-07-25 11:32:17
Message-ID: 6d3b5d9a.4f4.164d1360d5d.Coremail.zhihua.yao () dbappsecurity ! com ! cn
[Download RAW message or body]
I have found an integer overflow in mintTokens,the supply variable could overflow,because of \
the _amount variable is controlled by us and can eventually cause supply overflow to zero.
vuln code:
function mintTokens(address _to, uint256 _amount) {
if (msg.sender != icoContractAddress) throw; // Only ICO address can mint tokens \
if (restrictedAddresses[_to]) throw; // Throw if user wants to send to \
restricted address if (balances[_to] + _amount < balances[_to]) throw; // Check for \
overflows supply += _amount; //integer overflow // \
Update total supply balances[_to] += _amount; // Set minted \
coins to target Mint(_to, _amount); // Create Mint event \
Transfer(0x0, _to, _amount); // Create Transfer event from 0x
}
contract address
https://etherscan.io/address/0xF4134146AF2d511Dd5EA8cDB1C4AC88C57D60404#code
reference link:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14576
https://github.com/SunContract/SmartContracts/issues/1
--
-----------------------------------------------------------------
杭州安恒信息技术股份有限公司
明鉴事业部-策略引擎部
手机:13588722924
邮箱:zhihua.yao@dbappsecurity.com.cn
公司网址:http://www.dbappsecurity.com.cn
官方微信:DBAPP2013 客服热线:400-6059-110
联系地址:杭州市滨江区通和路68号中财大厦15层(310051)
-----------------------------------------------------------------
_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic