EUVD-2018-2449

Malware in sbrugna...

New proxyOverflow Bug in Multiple ERC20 Smart Contracts (CVE-2018-10376)

On 4/24/2018, 01:17:50 p.m. UTC, PeckShield again detected an unusual MESH token transaction shown in Figure 1. In this particular transaction, someone transferred a large amount of MESH token — 0x8fff,ffff,ffff,ffff,ffff,ffff,ffff,ffff,ffff,ffff,ffff,ffff,ffff,ffff,ffff,ffff 63 f’s to herself...

Integer overflow

An integer overflow in the transferProxy function of a smart contract implementation for SmartMesh aka SMT, an Ethereum ERC20 token, allows attackers to accomplish an unauthorized increase of digital assets via crafted fee and value parameters, as exploited in the wild in April 2018, aka the...

CVE-2018-10376

CVE-2018-10376 concerns an integer overflow in the transferProxy function of the SmartMesh (SMT) ERC20 smart contract. The root cause is an overflow when values are computed with the input parameters _fee and _value, enabling an attacker to increase token balances beyond legitimate amounts. The v...

CVE-2018-10376

An integer overflow in the transferProxy function of a smart contract implementation for SmartMesh aka SMT, an Ethereum ERC20 token, allows attackers to accomplish an unauthorized increase of digital assets via crafted fee and value parameters, as exploited in the wild in April 2018, aka the...