Unrated severityNVD Advisory· Published Apr 23, 2018· Updated Aug 5, 2024

CVE-2018-10299

Description

An integer overflow in the batchTransfer function of a smart contract implementation for Beauty Ecosystem Coin (BEC), the Ethereum ERC20 token used in the Beauty Chain economic system, allows attackers to accomplish an unauthorized increase of digital assets by providing two _receivers arguments in conjunction with a large _value argument, as exploited in the wild in April 2018, aka the "batchOverflow" issue.

Affected products

Beauty Chain/Becinferred

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

dasp.comitrex_refsource_MISC
medium.com/secbit-media/a-disastrous-vulnerability-found-in-smart-contracts-of-beautychain-bec-dbf24ddbc30emitrex_refsource_MISC
peckshield.com/2018/04/22/batchOverflow/mitrex_refsource_MISC
support.okex.com/hc/en-us/articles/360002944212-BeautyChain-BEC-Withdrawal-and-Trading-Suspendedmitrex_refsource_MISC
twitter.com/OKEx_/status/987967343983714304mitrex_refsource_MISC
www.reddit.com/r/ethereum/comments/8esyg9/okex_erc20_bug/mitrex_refsource_MISC

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000