CVE-2018-13130
Description
Bitotal (TFUND) is a smart contract running on Ethereum. The mintTokens function has an integer overflow that allows minted tokens to be arbitrarily retrieved by the contract owner.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Bitotal (TFUND) Ethereum smart contract contains an integer overflow in the mintTokens function, allowing the contract owner to arbitrarily mint tokens.
Vulnerability
The Bitotal (TFUND) smart contract [2] on Ethereum contains an integer overflow vulnerability in the mintTokens function. The function performs addition operations on totalSupply and balances[holder] without proper overflow protection. The check require(totalSupply + value <= TOKEN_LIMIT) can be bypassed by supplying a very large value that causes an integer overflow, making the sum wrap around to a small number. This allows the contract owner to mint an arbitrary amount of tokens. The vulnerability exists in the Bitotal contract as deployed on Ethereum.
Exploitation
The attacker must be the contract owner (the ico address) to call mintTokens. By providing a value such that totalSupply + value overflows to a number less than TOKEN_LIMIT, the check passes. For example, if totalSupply is near TOKEN_LIMIT, a value of 0xffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff causes the sum to overflow to a small number. Similarly, balances[holder] += value also overflows, resulting in a huge balance for the holder. The owner can then mint tokens to any address.
Impact
The contract owner can arbitrarily mint tokens, effectively creating tokens out of thin air. This leads to a complete loss of token scarcity and value, as the total supply can be inflated without limit. The impact is a total compromise of the token's economic model, allowing the owner to drain value from the token ecosystem.
Mitigation
No official fix has been published for Bitotal (TFUND). The contract remains vulnerable as of the publication date. Users should avoid holding or trading this token. The vulnerability is similar to other tokens with the same code pattern, such as the SPX token [1]. A proper fix would use the SafeMath library or check for overflow before performing the addition.
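The following is an added example, not code from the CVE record or from the Bitotal contract. It models the mintTokens pattern described under Vulnerability with pre-0.8 Solidity uint256 semantics, where addition silently wraps modulo 2**256, next to the SafeMath-style checked addition recommended under Mitigation; TOKEN_LIMIT, the starting supply and the holder name are constructed values.

```python
# Added example, not code from the CVE record or the Bitotal contract. It models
# the mintTokens pattern described above under pre-0.8 Solidity uint256 rules,
# where ADD wraps modulo 2**256, and the SafeMath-style guard a fix would use.
# TOKEN_LIMIT, the starting supply and the holder name are constructed values.

UINT256_MAX = 2**256 - 1
TOKEN_LIMIT = 10**27  # constructed stand-in for the contract's cap


def wrapping_add(a: int, b: int) -> int:
    """Unchecked uint256 addition: the sum silently wraps modulo 2**256."""
    return (a + b) & UINT256_MAX


def safe_add(a: int, b: int) -> int:
    """SafeMath-style addition: refuse (Solidity would revert) on wrap-around."""
    c = (a + b) & UINT256_MAX
    if c < a:  # a wrapped sum is always smaller than the operand it started from
        raise OverflowError("SafeMath: addition overflow")
    return c


def mint_vulnerable(total_supply: int, balances: dict, holder: str, value: int) -> int:
    """Vulnerable pattern: require() compares the already-wrapped sum to the cap."""
    if wrapping_add(total_supply, value) > TOKEN_LIMIT:
        raise AssertionError("require failed: TOKEN_LIMIT exceeded")
    balances[holder] = wrapping_add(balances.get(holder, 0), value)
    return wrapping_add(total_supply, value)  # new totalSupply


def mint_fixed(total_supply: int, balances: dict, holder: str, value: int) -> int:
    """Hardened pattern: both additions are checked before any state changes."""
    new_supply = safe_add(total_supply, value)  # reverts on wrap-around
    if new_supply > TOKEN_LIMIT:
        raise AssertionError("require failed: TOKEN_LIMIT exceeded")
    balances[holder] = safe_add(balances.get(holder, 0), value)
    return new_supply


def reverts(mint, *args) -> bool:
    """True when the mint function rejects the call (models an EVM revert)."""
    try:
        mint(*args)
    except (OverflowError, AssertionError):
        return True
    return False
```

With a starting supply below the cap, the vulnerable variant accepts a value of 2**256 - 1 because the wrapped sum is one less than the current supply, while the checked variant rejects it before touching any balance.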
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
Patches
No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
- [1] github.com/dwfault/AirTokens/blob/master/SPXToken/mint%20interger%20overflow.md
- [2] github.com/dwfault/AirTokens/tree/master/Bitotal
News mentions
No linked articles in our index yet.