CVE-2018-13090
Description
Integer overflow in YiTongCoin's mintToken function allows owner to arbitrarily set any user's balance.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
The mintToken function in the YiTongCoin (YTC) smart contract has an integer overflow vulnerability. The line balanceOf[target] += mintedAmount; uses uint types without overflow protection, allowing the owner to cause an overflow by passing a large mintedAmount value. This affects all versions of the contract as deployed at the Ethereum address [1].
Exploitation
The contract owner calls mintToken with a large mintedAmount (e.g., 0x8000000000000000000000000000000000000000000000000000000000000000). The addition overflows, setting the target's balance to a small value. By minting tokens twice, the owner can set the balance to zero or any arbitrary value [1].
Impact
An attacker (the contract owner) can arbitrarily manipulate any user's token balance, effectively controlling the total supply and individual holdings. This undermines trust in the token's value and can lead to financial loss for holders.
Mitigation
No official fix has been published. Developers should use SafeMath library functions to prevent integer overflows. Replace balanceOf[target] += mintedAmount; with balanceOf[target] = balanceOf[target].add(mintedAmount); and similarly for totalSupply. The vulnerability is not listed in CISA's Known Exploited Vulnerabilities (KEV) catalog.
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products (1)
Patches (0)
No patches discovered yet.
Vulnerability mechanics
No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.
References (1)
[1] github.com/VenusADLab/EtherTokens/blob/master/YiTongCoin/YiTongCoin.md (mitre, x_refsource_MISC)
News mentions (0)
No linked articles in our index yet.