Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Integer overflow in SunContract

From: 姚志华 <zhihua.yao () dbappsecurity com cn>
Date: Wed, 25 Jul 2018 19:32:17 +0800 (GMT+08:00)
I have found an integer overflow in mintTokens,the supply variable could overflow,because of the _amount variable is 
controlled by us and can eventually cause supply overflow to zero.


vuln code:


  function mintTokens(address _to, uint256 _amount) {         
    if (msg.sender != icoContractAddress) throw;            // Only ICO address can mint tokens        
    if (restrictedAddresses[_to]) throw;                    // Throw if user wants to send to restricted address       
    if (balances[_to] + _amount < balances[_to]) throw;     // Check for overflows
    supply += _amount;   //integer overflow                                     // Update total supply
    balances[_to] += _amount;                               // Set minted coins to target
    Mint(_to, _amount);                                     // Create Mint event       
    Transfer(0x0, _to, _amount);                            // Create Transfer event from 0x
  } 


contract address
https://etherscan.io/address/0xF4134146AF2d511Dd5EA8cDB1C4AC88C57D60404#code


reference link:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14576
https://github.com/SunContract/SmartContracts/issues/1



--

-----------------------------------------------------------------


杭州安恒信息技术股份有限公司
明鉴事业部-策略引擎部
手机:13588722924
邮箱:zhihua.yao () dbappsecurity com cn
公司网址:http://www.dbappsecurity.com.cn
官方微信:DBAPP2013   客服热线:400-6059-110
联系地址:杭州市滨江区通和路68号中财大厦15层(310051)
-----------------------------------------------------------------

_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/
Previous By Date Next
Previous By Thread Next

Current thread: