CVE-2018-13076
Description
The mintToken function of a smart contract implementation for Betcash (BC), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
The Betcash (BC) ERC-20 token's mintToken function has an integer overflow allowing the contract owner to arbitrarily set any user's balance.
Vulnerability
The mintToken function in the Betcash (BC) Ethereum smart contract (the version identified on Etherscan at 0x4D391B4350cA1C690eBaf00d35bfcDd5721470F8) contains an integer overflow vulnerability. The function adds mintedAmount to balanceOf[target] using the += operator with no safe math check. Both balanceOf[target] and mintedAmount are uint256, so a sum larger than the type's maximum wraps around instead of failing. This allows the owner to set the balance of any user to an arbitrary value by causing an overflow [1].
Exploitation
The attacker must be the owner of the contract (the address that deployed it). No external authentication or user interaction is required. The owner can repeatedly call mintToken with large values, such as 0x8000000000000000000000000000000000000000000000000000000000000000 Wei. When such a value is added to a user's existing balance, the addition can overflow to zero or any other value controlled by the attacker, effectively allowing the owner to set that user's balance to any desired integer [1].
Impact
An attacker who is the contract owner can arbitrarily manipulate the token balances of any user. This directly undermines the integrity of the token's supply and value, enabling the owner to mint infinite tokens, drain balances, or disrupt the contract's expected behavior. The impact is a complete loss of trust in the token's scarcity and ownership model [1].
Mitigation
No official fix has been published for the Betcash contract as of the advisory date (2018-07-02). The vulnerability is inherent in the code and exists in any deployment using the flawed mintToken logic. Users should avoid interacting with this token contract, and the contract should be replaced with a version that uses a safe math library (e.g., OpenZeppelin's SafeMath). The vulnerable contract is not listed on the CISA Known Exploited Vulnerabilities (KEV) catalog [1].
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
1
Patches
0
No patches discovered yet.
References
[1] github.com/VenusADLab/EtherTokens/blob/master/Betcash/Betcash.md (mitre, x_refsource_MISC)