Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Integer overflow in mintTokens #1

Closed
whiteHat001 opened this issue Jul 17, 2018 · 4 comments
Closed

Integer overflow in mintTokens #1

whiteHat001 opened this issue Jul 17, 2018 · 4 comments

Comments

@whiteHat001
Copy link

whiteHat001 commented Jul 17, 2018

Hello,
I have found an integer overflow in mintTokens,the supply variable could overflow,because of the _amount variable is controlled by us and can eventually cause supply overflow to zero.

  function mintTokens(address _to, uint256 _amount) {         
    if (msg.sender != icoContractAddress) throw;            // Only ICO address can mint tokens        
    if (restrictedAddresses[_to]) throw;                    // Throw if user wants to send to restricted address       
    if (balances[_to] + _amount < balances[_to]) throw;     // Check for overflows
    supply += _amount;                                      // Update total supply
    balances[_to] += _amount;                               // Set minted coins to target
    Mint(_to, _amount);                                     // Create Mint event       
    Transfer(0x0, _to, _amount);                            // Create Transfer event from 0x
  } 

Discovered by zhihua.yao@dbappsecurity.com.cn(hackyzh)

@whiteHat001
Copy link
Author

whiteHat001 commented Jul 20, 2018

Any update? @lukapusic

@meithecatte
Copy link

Correct me if I'm wrong, but AFAICS the first line of this function will prevent unauthorized use, effectively mitigating the vulnerability.

@ghost
Copy link

ghost commented Aug 1, 2018

@NieDzejkob correct, the first line makes sure that only the ICO contract can mint tokens. Since ICO contract cannot mint tokens because the ICO has ended, this does not pose a problem. There are safeguards in the ICO contract which prevent it from minting new tokens.

@whiteHat001
Copy link
Author

Yes,you are correct.I don't notice the first line.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants