3 matches found
CVE-2018-12702
The approveAndCallcode function of a smart contract implementation for Globalvillage ecosystem GVE, an Ethereum ERC20 token, allows attackers to steal assets e.g., transfer the contract's balances into their account because the callcode i.e., spender.callextraData is not verified, aka the...
Design/Logic Flaw
The approveAndCallcode function of a smart contract implementation for Globalvillage ecosystem GVE, an Ethereum ERC20 token, allows attackers to steal assets e.g., transfer the contract's balances into their account because the callcode i.e., spender.callextraData is not verified, aka the...
CVE-2018-12702
The CVE-2018-12702 entry concerns Globalvillage ecosystem (GVE) ERC20 contracts where approveAndCallcode allows an attacker to hijack a callback via a non-verified _spender.call(_extraData), enabling token transfers from the vulnerable contract (evilReflex). Connected sources describe the mechani...