VYPR
Unrated severity · NVD Advisory · Published Jul 2, 2018 · Updated Sep 17, 2024

CVE-2018-13087

Description

The mintToken function of a smart contract implementation for Coinstar (CSTR), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Integer overflow in Coinstar (CSTR) token's mintToken function allows owner to arbitrarily set any user's balance.

Vulnerability

The mintToken function in the Coinstar (CSTR) Ethereum token contract (address 0x294ee9f35988af1ce361409cee4251a293d21f5c) contains an integer overflow vulnerability. The function adds mintedAmount to balanceOf[target] and totalSupply using the += operator on uint variables without overflow protection. This allows the contract owner to trigger an overflow by passing a sufficiently large mintedAmount value, such as 0x8000000000000000000000000000000000000000000000000000000000000000 [1]. The vulnerability is present in the MyAdvancedToken implementation, which is the basis for the CSTR token.

Exploitation

An attacker must be the contract owner (the onlyOwner modifier restricts access). The owner calls mintToken(address target, uint256 mintedAmount) with a mintedAmount value that causes an integer overflow when added to the target's current balance. For example, minting 0x8000000000000000000000000000000000000000000000000000000000000000 tokens to a user sets their balance to that value; a second mint of the same amount overflows the balance back to zero. By carefully choosing the mintedAmount, the owner can set any user's balance to any arbitrary value [1].

Impact

A successful exploit gives the contract owner complete control over the token balances of any address. The owner can arbitrarily inflate or deflate individual balances, effectively manipulating the token supply and distribution. This can lead to loss of funds for other holders, price manipulation, and a complete breakdown of trust in the token's economic model [1].

Mitigation

No official patch or fixed version has been published for the Coinstar (CSTR) contract. The vulnerability stems from the lack of overflow-safe arithmetic; developers should use a library like OpenZeppelin's SafeMath to prevent integer overflows. Users of the token should consider it compromised and avoid holding value in it until a verified fix is deployed [1].
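To make the arithmetic in the Vulnerability, Exploitation and Mitigation sections concrete, here is an added Python model (not the Coinstar contract's own code) of the EVM's wrapping 256-bit unsigned addition, the vulnerable `mintToken` balance update beside a SafeMath-style checked add, and a simple invariant check a monitor could apply to a mint before or after it lands. The owner check is modelled as a plain string comparison, account names are constructed, and the 0x8000… amount is the one quoted in this advisory. Note that Solidity 0.8 and later performs checked arithmetic by default, which is the behaviour `checked_add` models; contracts compiled with earlier versions, such as the MyAdvancedToken pattern this token is based on, get the wrapping behaviour unless they use a library like SafeMath.

```python
"""Model of the CVE-2018-13087 mintToken overflow and its checked-arithmetic fix.

Added example, not the Coinstar (CSTR) contract's own code: it models the EVM's
wrapping uint256 arithmetic in Python so the balance update in mintToken can be
exercised offline, next to a SafeMath-style checked add.
"""

UINT256_MAX = 2**256 - 1

# Amount quoted in the advisory: 2**255, the smallest value that wraps to 0
# when added to itself.
ADVISORY_AMOUNT = 0x8000000000000000000000000000000000000000000000000000000000000000


def unchecked_add(a: int, b: int) -> int:
    """Solidity `+=` on uint256 before 0.8: wraps modulo 2**256, silently."""
    return (a + b) & UINT256_MAX


def checked_add(a: int, b: int) -> int:
    """SafeMath.add / Solidity >= 0.8 semantics: revert instead of wrapping."""
    c = a + b
    if c > UINT256_MAX:
        raise OverflowError("SafeMath: addition overflow")
    return c


class TokenModel:
    """Minimal model of the relevant MyAdvancedToken state: balances and supply.

    safe=False reproduces the vulnerable mintToken; safe=True is the hardened
    version. The onlyOwner modifier is modelled as a string comparison
    (constructed assumption, not contract code).
    """

    def __init__(self, owner: str, safe: bool):
        self.owner = owner
        self.balance_of: dict = {}
        self.total_supply = 0
        self._add = checked_add if safe else unchecked_add

    def mint_token(self, caller: str, target: str, minted_amount: int) -> None:
        if caller != self.owner:  # onlyOwner modifier
            raise PermissionError("onlyOwner")
        # Both updates use the same operator, so balance and totalSupply wrap together.
        self.balance_of[target] = self._add(self.balance_of.get(target, 0), minted_amount)
        self.total_supply = self._add(self.total_supply, minted_amount)


def mint_would_wrap(current_balance: int, current_supply: int, minted_amount: int) -> bool:
    """Invariant check for a monitor looking at a pending or observed mint:
    True when an unchecked contract would wrap the target balance or totalSupply.
    A balances-sum == totalSupply check does NOT catch this, because both wrap
    by the same amount; the pre-state comparison here does."""
    return (current_balance + minted_amount > UINT256_MAX
            or current_supply + minted_amount > UINT256_MAX)


def demo():
    """Mint the advisory amount twice on the vulnerable and the fixed model."""
    vulnerable = TokenModel(owner="owner", safe=False)
    vulnerable.mint_token("owner", "alice", ADVISORY_AMOUNT)
    first = vulnerable.balance_of["alice"]          # 2**255
    vulnerable.mint_token("owner", "alice", ADVISORY_AMOUNT)
    second = vulnerable.balance_of["alice"]         # wraps to 0

    fixed = TokenModel(owner="owner", safe=True)
    fixed.mint_token("owner", "alice", ADVISORY_AMOUNT)
    try:
        fixed.mint_token("owner", "alice", ADVISORY_AMOUNT)
        reverted = False
    except OverflowError:
        reverted = True                              # second mint reverts
    return first, second, reverted


if __name__ == "__main__":
    print(demo())
```

Running the module shows the vulnerable model taking alice's balance from 2**255 to 0 on the second mint while the checked model reverts; `mint_would_wrap` is the pre-state test a balance monitor or audit script would apply, since post-state supply reconciliation cannot see the wrap.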

AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products: 1

Patches: 0 (no patches discovered yet)

References: 1

News mentions: 0