CVE-2018-19833

The owned function of a smart contract implementation for DDQ, an tradable Ethereum ERC20 token, allows attackers to change the owner of the contract, because the function does not check the caller's identity...

CVE-2018-19833

The CVE-2018-19833 entry concerns the DDQ smart contract (ERC20) where the function that sets/owners can be invoked by anyone because there is no caller identity check. Connected CNVD records (e.g., CNVD-2020-03511 describing DDQ override vulnerability) reiterate that the DDQ implementation’s own...