CVE-2018-13072
Description
The mintToken function of a smart contract implementation for Coffeecoin (COFFEE), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Integer overflow in Coffeecoin (COFFEE) token's mintToken function allows owner to arbitrarily set any user's balance.
Vulnerability
The mintToken function in the Coffeecoin (COFFEE) smart contract (at address 0x9d5bd53fc23d6485a80b9879097e67a797365ca5) contains an integer overflow vulnerability [1]. The function applies the += operator to the uint values balanceOf[target] and mintedAmount without an overflow check, so the result can overflow if mintedAmount is sufficiently large. The function is restricted to the contract owner via the onlyOwner modifier. All versions of this contract are affected.
Exploitation
An attacker who is the contract owner can call mintToken with an arbitrarily large mintedAmount value (e.g., 0x8000000000000000000000000000000000000000000000000000000000000000 wei) to cause an integer overflow [1]. By minting such a large amount twice to the same target, the balance can be set to zero. More generally, the owner can control the balance of any user to any desired value by carefully choosing the mintedAmount to produce the desired overflow result.
Impact
Successful exploitation allows the contract owner to arbitrarily set the token balance of any user [1]. This undermines the integrity of the token supply and user balances, enabling the owner to inflate or deflate balances at will, potentially stealing funds or manipulating the token economy.
Mitigation
No official fix has been released for this contract [1]. Users are advised to avoid using this Coffeecoin token contract and to migrate to a secure implementation that includes proper overflow protection (e.g., using SafeMath). The contract may be considered deprecated or malicious.
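The wrap described under Vulnerability and the SafeMath-style check named under Mitigation can be modelled off-chain. The following is an added example, not code from the Coffeecoin contract or the cited reference: it models uint256 arithmetic in Python, and the function names, account names and call list are constructed for illustration.

```python
UINT256_MAX = 2**256 - 1  # largest value a Solidity uint (uint256) can hold


class MintOverflow(ArithmeticError):
    """Raised where a SafeMath-style contract would revert."""


def unchecked_add(a: int, b: int) -> int:
    # Solidity before 0.8 wraps `+=` on uint256 modulo 2**256 without reverting.
    return (a + b) & UINT256_MAX


def checked_add(a: int, b: int) -> int:
    # SafeMath-style add: compute the sum, then require(c >= a).
    c = unchecked_add(a, b)
    if c < a:
        raise MintOverflow(f"{a:#x} + {b:#x} exceeds uint256")
    return c


def mint_token(balances: dict, target: str, minted_amount: int, add=checked_add) -> int:
    """Model of the balance update in mintToken, using the chosen add."""
    balances[target] = add(balances.get(target, 0), minted_amount)
    return balances[target]


def audit_mints(calls):
    """Replay (target, mintedAmount) calls with wrapping arithmetic and
    return the calls whose balance update wrapped."""
    balances, findings = {}, []
    for index, (target, amount) in enumerate(calls):
        before = balances.get(target, 0)
        after = mint_token(balances, target, amount, add=unchecked_add)
        if after < before:  # a sum smaller than an operand means it wrapped
            findings.append({"call": index, "target": target,
                             "before": before, "after": after})
    return findings


# Constructed sample: placeholder account names, amounts in token base units.
SAMPLE_CALLS = [
    ("holder_a", 1_000),
    ("holder_b", 1 << 255),  # the large value quoted in the Exploitation section
    ("holder_a", 250),
    ("holder_b", 1 << 255),  # second mint to the same target wraps to 0
]

if __name__ == "__main__":
    for finding in audit_mints(SAMPLE_CALLS):
        print(finding)
```

With the default `checked_add`, the second large mint raises `MintOverflow` and the stored balance is left unchanged, which is the behaviour a revert gives on-chain.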
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products: 1
Patches: 0. No patches discovered yet.
References
[1] github.com/VenusADLab/EtherTokens/blob/master/Coffeecoin/Coffeecoin.md (mitre, x_refsource_MISC)