5 matches found
CVE-2019-15080
An issue was discovered in a smart contract implementation for MORPH Token through 2019-06-05, an Ethereum token. A typo in the constructor of the Owned contract which is inherited by MORPH Token allows attackers to acquire contract ownership. A new owner can subsequently obtain MORPH Tokens for...
Code injection
An issue was discovered in a smart contract implementation for MORPH Token through 2019-06-05, an Ethereum token. A typo in the constructor of the Owned contract which is inherited by MORPH Token allows attackers to acquire contract ownership. A new owner can subsequently obtain MORPH Tokens for...
Aurora IDEX Membership(IDXM), ERC20 Token, allows attackers to acquire contract ownership (CVE-2018–10666)
Abstract I found a new vulnerability in smart contract of IDXM Token CVE-2018–106661. Attackers can acquire contract ownership because the setOwner function is delcared as public. A new owner can subsequently bypass intended access restrictions by, for example, calling uploadBalances. Details In...
CVE-2018-10705
The Owned smart contract implementation for Aurora DAO AURA, an Ethereum ERC20 token, allows attackers to acquire contract ownership because the setOwner function is declared as public. An attacker can then conduct a lockBalances denial of service attack...
CVE-2018-10666
The Owned smart contract implementation for Aurora IDEX Membership IDXM, an Ethereum ERC20 token, allows attackers to acquire contract ownership because the setOwner function is declared as public. A new owner can subsequently modify variables...