EUVD-2018-4656

Malware in sbrugna...

EUVD-2018-4655

Malware in sbrugna...

New evilReflex Bug Identified in Multiple ERC20 Smart Contracts (CVE-2018-12702, CVE-2018-12703)

Update: 2018-06-24 With swift, coordinated response from Huobi.pro, we appreciate the announcement 11 on suspending the deposits and withdrawals of affected tokens! Our vulnerability-scanning system at PeckShield has so far discovered several dangerous smart contract vulnerabilities batchOverflow...

Design/Logic Flaw

The approveAndCallcode function of a smart contract implementation for Globalvillage ecosystem GVE, an Ethereum ERC20 token, allows attackers to steal assets e.g., transfer the contract's balances into their account because the callcode i.e., spender.callextraData is not verified, aka the...

CVE-2018-12702

The approveAndCallcode function of a smart contract implementation for Globalvillage ecosystem GVE, an Ethereum ERC20 token, allows attackers to steal assets e.g., transfer the contract's balances into their account because the callcode i.e., spender.callextraData is not verified, aka the...

CVE-2018-12702

The approveAndCallcode function of a smart contract implementation for Globalvillage ecosystem GVE, an Ethereum ERC20 token, allows attackers to steal assets e.g., transfer the contract's balances into their account because the callcode i.e., spender.callextraData is not verified, aka the...

CVE-2018-12703

The CVE-2018-12703 vulnerability affects the approveAndCallcode flow in Block 18 (18T) ERC20 contracts. The issue is that _spender.call(_extraData) is not verified, enabling an attacker to hijack the callback and trigger arbitrary contract calls from the vulnerable contract. According to the Seeb...

CVE-2018-12702

The CVE-2018-12702 entry concerns Globalvillage ecosystem (GVE) ERC20 contracts where approveAndCallcode allows an attacker to hijack a callback via a non-verified _spender.call(_extraData), enabling token transfers from the vulnerable contract (evilReflex). Connected sources describe the mechani...