CVE False Reported Case
CVE-2018-13113
According to the reference, an integer overflow is found in the transfer function and the transferFrom function. However, the sum of the balances never exceeds totalSupply, which implies that the operation cannot be exploited. In other words, _value + balances[_to] <= balances[msg.sender] + balances[_to] <= totalSupply <= 2^256 - 1, because _value <= balances[msg.sender].
CVE-2018-13144
As with CVE-2018-13113, the reference describes an integer overflow in the transfer function and the transferFrom function. However, the sum of the balances never exceeds totalSupply, so the operation is safe. In other words, _value + balances[_to] <= balances[msg.sender] + balances[_to] <= totalSupply <= 2^256 - 1, because _value <= balances[msg.sender].
CVE-2018-13326
As with CVE-2018-13113, the reference describes an integer overflow in the transfer function and the transferFrom function. However, the sum of the balances never exceeds totalSupply, so the operation is safe. In other words, _value + balances[_to] <= balances[msg.sender] + balances[_to] <= totalSupply <= 2^256 - 1, because _value <= balances[msg.sender].
CVE-2018-13327
As with CVE-2018-13113, the reference describes an integer overflow in the transfer function and the transferFrom function. However, the sum of the balances never exceeds totalSupply, so the operation is safe. In other words, _value + balances[_to] <= balances[msg.sender] + balances[_to] <= totalSupply <= 2^256 - 1, because _value <= balances[msg.sender].
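The inequality chain used for all four entries above can be checked exhaustively at a reduced word size. The following is an added example, not code from this wiki or from the contracts in question; the function name `check_transfer`, the 4-bit word standing in for uint256, and the assumption that sender and recipient are distinct accounts are all choices made for the illustration.

```python
# Added example: bounded exhaustive check of the overflow argument above.
# Assumptions (not from the audited contracts): sender and recipient are
# distinct accounts, and a small word size stands in for uint256.

def check_transfer(bits, enforce_supply_invariant=True):
    """Search every state at the given word size for a transfer whose
    balances[_to] + _value exceeds the word maximum.

    Returns (counterexample, largest_sum); counterexample is
    (totalSupply, balances[sender], balances[_to], _value) or None.
    """
    max_word = (1 << bits) - 1
    largest_sum = 0
    for total_supply in range(max_word + 1):
        for bal_from in range(max_word + 1):
            for bal_to in range(max_word + 1):
                # Invariant from the text: balances sum to at most totalSupply.
                if enforce_supply_invariant and bal_from + bal_to > total_supply:
                    continue
                # Guard from the text: _value <= balances[msg.sender].
                for value in range(bal_from + 1):
                    largest_sum = max(largest_sum, bal_to + value)
                    if bal_to + value > max_word:
                        return (total_supply, bal_from, bal_to, value), largest_sum
    return None, largest_sum


if __name__ == "__main__":
    # With the invariant, the addition reaches the word maximum but never wraps.
    print(check_transfer(4))
    # Without it (for example, balances credited without updating totalSupply),
    # the same guard no longer bounds the addition.
    print(check_transfer(4, enforce_supply_invariant=False))
```

The false-positive conclusion depends on the totalSupply bound holding on every path that credits a balance, so that invariant is the thing to confirm when triaging similar reports.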