Back to KEVs

CVE-2018-10376

An integer overflow in the transferProxy function of a smart contract implementation for SmartMesh (aka SMT), an Ethereum ERC20 token, allows...

Basic Information

CVE State
PUBLISHED
Reserved Date
April 25, 2018
Published Date
April 25, 2018
Last Updated
August 05, 2024
Vendor
SmartMesh
Product
SmartMesh
Description
An integer overflow in the transferProxy function of a smart contract implementation for SmartMesh (aka SMT), an Ethereum ERC20 token, allows attackers to accomplish an unauthorized increase of digital assets via crafted _fee and _value parameters, as exploited in the wild in April 2018, aka the "proxyOverflow" issue.

CVSS Scores

CVSS v3.0

7.5 - HIGH

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

CVSS v2.0

5.0

Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

Exploit Status

Exploited in the Wild
Yes (2018-04-25 09:00:00 UTC) Source

References

https://peckshield.com/2018/04/25/proxyOverflow/ https://www.reddit.com/r/ethereum/comments/8esyg9/okex_erc20_bug/ https://dasp.co/#item-3

Known Exploited Vulnerability Information

Source Added Date
CVE 2018-04-25 09:00:00 UTC

Timeline

  • CVE ID Reserved

  • CVE Published to Public

  • Added to KEVIntel