CVE False Reported Case

Jisu Park edited this page Jan 29, 2019 · 1 revision

CVE-2018-13113

According to the reference, an integer overflow is found in the transfer function and the transferFrom function. However, the sum of the balances is always less than totalSupply, which implies that the operation cannot be exploited. In other words, _value + balances[_to] <= balances[msg.sender] + balances[_to] <= totalSupply <= 2^256 - 1, because _value <= balances[msg.sender].

CVE-2018-13144

Similar to CVE-2018-13113, the reference describes an integer overflow in the transfer function and the transferFrom function. However, the sum of the balances is always less than totalSupply, so the operation is safe. In other words, _value + balances[_to] <= balances[msg.sender] + balances[_to] <= totalSupply <= 2^256 - 1, because _value <= balances[msg.sender].

CVE-2018-13326

Same as CVE-2018-13113, the reference describes an integer overflow in the transfer function and the transferFrom function. However, the sum of the balances is always less than totalSupply, so the operation is safe. In other words, _value + balances[_to] <= balances[msg.sender] + balances[_to] <= totalSupply <= 2^256 - 1, because _value <= balances[msg.sender].

CVE-2018-13327

Same as CVE-2018-13113, the reference describes an integer overflow in the transfer function and the transferFrom function. However, the sum of the balances is always less than totalSupply, so the operation is safe. In other words, _value + balances[_to] <= balances[msg.sender] + balances[_to] <= totalSupply <= 2^256 - 1, because _value <= balances[msg.sender].
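
The bound used for all four CVEs above can be checked mechanically. The following is an added example, not code from the audited contracts or from this wiki's author: it models the addition `_value + balances[_to]` on a reduced word size and enumerates every state, once with the supply invariant enforced and once without it. The function names, the 4-bit word size and the restriction to two distinct accounts are assumptions made for the illustration.

```python
from itertools import product


def wraps(value, balance_to, bits=256):
    """True if value + balance_to does not fit in an unsigned `bits`-bit word."""
    return value + balance_to > (1 << bits) - 1


def count_wrapping_transfers(bits, enforce_supply_invariant):
    """Enumerate every (sender balance, recipient balance, value) state for a
    reduced word size and count transfers whose addition would wrap.

    Assumption: sender and recipient are two distinct accounts, as in the
    inequality on this page.
    """
    max_word = (1 << bits) - 1
    wrapping = 0
    for bal_sender, bal_to in product(range(max_word + 1), repeat=2):
        # Invariant relied on by the page:
        # balances[msg.sender] + balances[_to] <= totalSupply <= 2^bits - 1
        if enforce_supply_invariant and bal_sender + bal_to > max_word:
            continue
        # Precondition checked by transfer/transferFrom:
        # _value <= balances[msg.sender]
        for value in range(bal_sender + 1):
            if wraps(value, bal_to, bits):
                wrapping += 1
    return wrapping


def boundary_case_256():
    """Tightest full-width state: the two balances sum to exactly 2^256 - 1
    and the sender transfers everything. Returns True if the addition wraps."""
    max_word = (1 << 256) - 1
    bal_sender = 1 << 255
    bal_to = max_word - bal_sender
    return wraps(bal_sender, bal_to, 256)


if __name__ == "__main__":
    print("wrapping states, invariant holds:  ", count_wrapping_transfers(4, True))
    print("wrapping states, invariant ignored:", count_wrapping_transfers(4, False))
    print("256-bit boundary case wraps:       ", boundary_case_256())
```

The safety argument depends entirely on the invariant: a contract whose balances can be set without a matching totalSupply bound falls into the second enumeration, not the first.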