CVE-2018-10468
The transferFrom function of a smart contract implementation for Useless Ethereum Token (UET), an Ethereum ERC20 token, allows attackers to steal...
Basic Information
- CVE State
- PUBLISHED
- Reserved Date
- April 26, 2018
- Published Date
- April 28, 2018
- Last Updated
- August 05, 2024
- Vendor
- n/a
- Product
- Useless Ethereum Token (UET)
- Description
- The transferFrom function of a smart contract implementation for Useless Ethereum Token (UET), an Ethereum ERC20 token, allows attackers to steal assets (e.g., transfer all victims' balances into their account) because certain computations involving _value are incorrect, as exploited in the wild starting in December 2017, aka the "transferFlaw" issue.
CVSS Scores
CVSS v3.0
7.5 - HIGH
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CVSS v2.0
5.0
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Exploit Status
- Exploited in the Wild
- Yes (2018-04-28 13:00:00 UTC) Source
References
Known Exploited Vulnerability Information
| Source | Added Date |
|---|---|
| CVE | 2018-04-28 13:00:00 UTC |
Timeline
-
CVE ID Reserved
-
CVE Published to Public
-
Added to KEVIntel