Integer Overflow Vulnerability in Bitcoin Red Smart Contract by Bitcoin Red Foundation
CVE-2018-11687

7.5HIGH

Key Information:

Vendor: Bitcoin Red Project
Status: Bitcoin Red
Vendor: CVE Published:; 15 August 2018

🔔 Create Bitcoin Red Project Vulnerability Alert

What is CVE-2018-11687?

An integer overflow vulnerability exists in the distributeBTR function of the Bitcoin Red smart contract, an implementation of the Ethereum ERC20 token. This flaw allows a malicious actor to manipulate the contract by supplying a large address array, resulting in an unauthorized increment of digital assets owned by the contract's administrator. This issue, identified in May 2018, poses significant risks to the integrity of asset management within the Bitcoin Red ecosystem.

References

https://www.anquanke.com/post/id/147913

x_refsource_MISC

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 15, 2018
Vulnerability Reserved
Jun 3, 2018