Integer Overflow Vulnerability in PylonToken by Pylon
CVE-2018-18667

7.5 HIGH

Key Information:

CVE Published: 28 December 2018

What is CVE-2018-18667?

The mintToken function in PylonToken contains an integer overflow vulnerability that allows the contract owner to manipulate user balances without restriction. The flaw lets attackers set a user's balance to an arbitrary value, which risks unauthorized asset allocation and compromises the integrity of the token's ecosystem. The vulnerability is related to other known issues such as CVE-2018-11812, so users and developers should review their smart contract implementations and apply the necessary security measures.

CVSS V3.1

Score: 7.5
Severity: HIGH
Confidentiality: None
Integrity: High
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
