Lucene search
Zhihua Yao1337DAY-ID-30789HistoryJul 27, 2018 - 12:00 a.m.
Tracto ERC20 Integer Overflow Vulnerability
2018-07-2700:00:00
Zhihua Yao
0day.today
26
0.002 Low
EPSS
Percentile
60.8%
Exploit for multiple platform in category dos / poc
Hello,I found an integer overflow in increaseApproval function.And it doesn't use the safe function to add value.
code addresss:
https://etherscan.io/address/0x30ceCB5461A449A90081F5a5F55db4e048397BAB
vuln code:
function increaseApproval (address _spender, uint _addedValue)
returns (bool success) {
//allowed[msg.sender][_spender] = allowed[msg.sender][_spender].add(_addedValue);
allowed[msg.sender][_spender] += _addedValue; //integer overflow
Approval(msg.sender, _spender, allowed[msg.sender][_spender]);
return true;
}
This issue has been already applied for CVE-2018-14063
The issue link :
https://github.com/tracto2/Tracto-ERC20/issues/1
--
-----------------------------------------------------------------
aea*a(r)aea?!ae-aeae-e!a>>1/2aeea!a,
aee'aoa,e"-ccY=a1/4aee"
aeaeo:13588722924
e(r)c(r)+-:[email protected]
a!a,c1/2a:http://www.dbappsecurity.com.cn
a(r)ae1a3/4(r)a?!:DBAPP2013 a(r)C/aecco?:400-6059-110
ec3>>adega:aea*a,ae>>"ae+-aoeae*-68a*a,e'C/a$?SSa|15a+-i1/4310051i1/4
-----------------------------------------------------------------
# 0day.today [2018-07-30] #Related
cve
cve
CVE-2018-14063
2018-07-15 15:29:00
cvelist
cvelist
CVE-2018-14063
2018-07-15 15:00:00
nvd
nvd
CVE-2018-14063
2018-07-15 15:29:00
prion
prion
Integer overflow
2018-07-15 15:29:00