Contract addresses:

PolyAi (AI) https://etherscan.io/address/0x5121e348e897daef1eef23959ab290e5557cf274#code (CVE-2018-17050)

Substratum (SUB) https://etherscan.io/address/0x12480e24eb5bec1a9d4369cab6a80cad3c0a377a#code (CVE-2018-12511)

BitAseanToken https://etherscan.io/address/0x2a05d22db079bc40c2f77a1d1ff703a56e631cc1#code

Buggyra Coin Zero (BCZERO) https://etherscan.io/address/0xd45247c07379d94904e0a87b4481f0a1ddfa0c64#code

EcoRealEstate (ECOREAL) https://etherscan.io/address/0xb052f8a33d8bb068414eade06af6955199f9f010#code

Fujinto (NTO) https://etherscan.io/address/0x8a99ed8a1b204903ee46e733f2c1286f6d20b177#code

ICO (¢) https://etherscan.io/address/0xa33e729bf4fdeb868b534e1f20523463d9c46bee#code

Internet Node Token (INT) https://etherscan.io/address/0x0b76544f6c413a555f309bf76260d1e02377c02a#code

Nexxus (NXX) https://etherscan.io/address/0x7627de4b93263a6a7570b8dafa64bae812e5c394#code (CVE-2018-18665)

Pylon (PYLNT) https://etherscan.io/address/0x7703c35cffdc5cda8d27aa3df2f9ba6964544b6e#code (CVE-2018-18667)

RemiCoin (RMC) https://etherscan.io/address/0x7dc4f41294697a7903c4027f6ac528c5d14cd7eb#code

SwftCoin (SWFTC) https://etherscan.io/address/0x0bb217e40f8a5cb79adf04e1aab60e5abd0dfc1e#code (CVE-2018-18666)

Target Coin (TGT) https://etherscan.io/address/0x0bb217e40f8a5cb79adf04e1aab60e5abd0dfc1e#code

PolyAi (AI)

```solidity
// PolyAi mintToken(), as deployed (pre-0.8 Solidity: '+' is unchecked).
function mintToken(address target, uint256 mintedAmount) onlyOwner {
    balanceOf[target] += mintedAmount;   // wraps modulo 2^256 when balance + amount overflows
    Transfer(0, owner, mintedAmount);    // totalSupply is never adjusted here
    Transfer(owner, target, mintedAmount);
}
```

The PolyAi token can be minted arbitrarily by its creator through mintToken(). Both balanceOf[target] and mintedAmount are uint256, and in this (pre-0.8) Solidity the '+' operator performs unchecked arithmetic, so a large enough mintedAmount wraps the balance around instead of reverting.

Step 1: call mintToken() and give "0x692a70d2e424a56d2c6c27aa97d1a86395877b3a" 10 tokens.

The balance of 0x692a70d2e424a56d2c6c27aa97d1a86395877b3a is now 10.

Step 2: call mintToken() and give "0x692a70d2e424a56d2c6c27aa97d1a86395877b3a" 115792089237316195423570985008687907853269984665640564039457584007913129639926 (2^256 - 10) tokens.

The balance of 0x692a70d2e424a56d2c6c27aa97d1a86395877b3a is now 0: 10 + (2^256 - 10) = 2^256, which wraps to 0 in uint256 arithmetic.

Note also that totalSupply is not updated when mintToken() is called.

Substratum (SUB) & BitAseanToken

```solidity
// Substratum / BitAseanToken mintToken(), as deployed. totalSupply is updated here,
// but both additions are still unchecked and can wrap.
function mintToken(address target, uint256 mintedAmount) onlyOwner {
    balanceOf[target] += mintedAmount;   // same unchecked addition as PolyAi
    totalSupply += mintedAmount;         // also unchecked
    Transfer(0, this, mintedAmount);
    Transfer(this, target, mintedAmount);
}
```

The exploit process is the same as for the first one.
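Added example (not code from this repository): a Python model of the two mintToken() variants above, replaying the page's two calls (10 tokens, then 2^256 - 10 tokens) on unchecked uint256 arithmetic to reproduce the wrap to 0, alongside a SafeMath-style checked addition that would reject the second call. The Token class, helper names and the "hardened" variant are assumptions of this example, not code from the contracts.

```python
# Added example, not the repository's code: model the mintToken() variants on this page.
# unchecked_add mirrors EVM ADD under Solidity < 0.8; checked_add mirrors SafeMath's c >= a test.
MOD = 2**256

# Address used in the page's exploit steps.
TARGET = "0x692a70d2e424a56d2c6c27aa97d1a86395877b3a"


def unchecked_add(a: int, b: int) -> int:
    """Solidity < 0.8 '+': wraps modulo 2**256 without reverting."""
    return (a + b) % MOD


def checked_add(a: int, b: int) -> int:
    """SafeMath-style add: revert (raise) if the sum wrapped around."""
    c = (a + b) % MOD
    if c < a:
        raise OverflowError("uint256 addition overflow")
    return c


class Token:
    """Minimal model of the ERC20 state that mintToken() touches (assumed structure)."""

    def __init__(self, safe: bool, track_supply: bool):
        self.balanceOf = {}
        self.totalSupply = 0
        self.add = checked_add if safe else unchecked_add
        self.track_supply = track_supply  # PolyAi never updates totalSupply

    def mintToken(self, target: str, minted_amount: int) -> None:
        self.balanceOf[target] = self.add(self.balanceOf.get(target, 0), minted_amount)
        if self.track_supply:
            self.totalSupply = self.add(self.totalSupply, minted_amount)


def replay_page_steps(safe: bool, track_supply: bool):
    """Run the page's two mint calls; return (balance, totalSupply) or ('reverted', reason)."""
    t = Token(safe, track_supply)
    try:
        t.mintToken(TARGET, 10)
        t.mintToken(TARGET, 2**256 - 10)
    except OverflowError as e:
        return ("reverted", str(e))
    return (t.balanceOf[TARGET], t.totalSupply)


if __name__ == "__main__":
    print("PolyAi (unchecked, no totalSupply):", replay_page_steps(False, False))
    print("Substratum (unchecked, totalSupply):", replay_page_steps(False, True))
    print("hardened (checked add):", replay_page_steps(True, True))
```

Both unchecked variants end with the target's balance at 0 after the second call; the checked variant raises on that call, which is the behaviour a SafeMath add or Solidity 0.8 checked arithmetic gives.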