CVE-2018-11446
CVE-2018-11446 describes a tradeTrap in the Gold Reward (GRX) ERC20 contract where the buy() path multiplies amount by buyPrice without SafeMath, enabling an overflow that can trap funds. The owner can set buyPrice via setPrices(), potentially manipulating prices and enabling arbitrage-like explo...