VYPR
Unrated severity · NVD Advisory · Published Jul 4, 2018 · Updated Aug 5, 2024

CVE-2018-11429

Description

ATLANT (ATL) is a smart contract running on Ethereum. The mint function has an integer overflow that allows minted tokens to be arbitrarily retrieved by the contract owner.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Integer overflow in ATLANT token mint() allows owner to bypass supply cap and mint arbitrary tokens.

Vulnerability

The mint function in the ATLANT token smart contract has an integer overflow vulnerability. The check require(totalSupply + value <= TOKEN_LIMIT) can be bypassed because totalSupply and value are uint. When totalSupply is near TOKEN_LIMIT (defined as 8888888888 * 1e18), a huge value (e.g., 0xffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff) causes overflow in the addition, making the sum less than TOKEN_LIMIT. This allows minting of arbitrary tokens. The affected contract is at address 0x05aaaa829afa407d83315cded1d45eb16025910c as detailed in reference [1].

Exploitation

An attacker must be the contract owner (i.e., have msg.sender == ico). The attacker first sets totalSupply to a value near TOKEN_LIMIT, then calls mint with a very large value. The addition totalSupply + value overflows, satisfying the require check. Subsequently, balances[holder] += value and totalSupply += value also overflow, giving the owner a practically unlimited token balance. No user interaction or additional privileges are required beyond ownership [1].

Impact

A successful exploit allows the contract owner to mint an arbitrary number of tokens, bypassing the intended supply cap. This can lead to severe inflation, loss of token value, and theft of funds from other holders. The attacker effectively gains unlimited control over the token supply [1].

Mitigation

No official patch is mentioned in the references. Developers should use a SafeMath library to prevent integer overflows, or add a check that totalSupply + value does not overflow (e.g., require(totalSupply + value >= totalSupply)). As of the CVE publication date (2018-07-04), no fix was available [1].
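
The wraparound and the suggested guard can be reproduced offline with a small model of uint256 arithmetic. This is an added example in Python, not the ATLANT contract source; the Token class, its safe flag, the holder name and the 2**256 - 1 input are constructed for illustration.

```python
# Model of uint256 arithmetic; constructed for illustration, not the ATLANT source.
UINT256_MAX = 2**256 - 1
TOKEN_LIMIT = 8888888888 * 10**18  # cap value as quoted in the advisory text


def wrapping_add(a, b):
    """uint256 add as the unchecked contract code performs it: modulo 2**256."""
    return (a + b) & UINT256_MAX


def checked_add(a, b):
    """SafeMath-style add: the sum must not be smaller than an operand."""
    c = wrapping_add(a, b)
    if c < a:  # same test as require(totalSupply + value >= totalSupply)
        raise OverflowError("uint256 addition overflow")
    return c


class Token:
    """Hypothetical stand-in for the mint path; `safe` selects the hardened add."""

    def __init__(self, total_supply=0, safe=False):
        self.total_supply = total_supply
        self.balances = {}
        self.add = checked_add if safe else wrapping_add

    def mint(self, holder, value):
        new_supply = self.add(self.total_supply, value)
        if new_supply > TOKEN_LIMIT:  # require(totalSupply + value <= TOKEN_LIMIT)
            raise ValueError("TOKEN_LIMIT exceeded")
        self.balances[holder] = self.add(self.balances.get(holder, 0), value)
        self.total_supply = new_supply
        return self.balances[holder]


def demo():
    weak = Token(total_supply=TOKEN_LIMIT)        # supply already at the cap
    balance = weak.mint("holder", UINT256_MAX)    # constructed oversized value
    hardened = Token(total_supply=TOKEN_LIMIT, safe=True)
    try:
        hardened.mint("holder", UINT256_MAX)
        rejected = False
    except OverflowError:
        rejected = True
    # The cap check passed, yet the recorded supply dropped by one token unit.
    return balance, weak.total_supply, rejected


if __name__ == "__main__":
    print(demo())
```

In the unguarded model the holder balance ends at 2**256 - 1 while the recorded total supply falls to TOKEN_LIMIT - 1, so an audit that compares the sum of balances against totalSupply would flag the mismatch.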

AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

1

Patches

0

No patches discovered yet.

References

2
