VYPR
← All advisories
Unrated severityNVD Advisory· Published Jul 5, 2018· Updated Aug 5, 2024

CVE-2018-13157

CVE-2018-13157

Description

The mintToken function of a smart contract implementation for CryptonitexCoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

The mintToken function in CryptonitexCoin smart contract has an integer overflow vulnerability allowing the owner to arbitrarily set any user's balance.

Vulnerability

The mintToken function in the CryptonitexCoin (CRTX) smart contract [2] lacks overflow protection, allowing integer overflow when minting tokens. This enables the contract owner to set an arbitrary user's balance to any value, as described in the CVE description. The same vulnerability pattern is documented in [1].

Exploitation

An attacker must be the contract owner. The owner calls mintToken with a large value that causes an integer overflow, bypassing balance limits. No special network access or user interaction is required, just a transaction from the owner's address.

Impact

The owner can arbitrarily set the balance of any user, effectively creating tokens out of thin air or debasing the token supply. This leads to loss of token value and potential theft of funds.

Mitigation

No fix has been disclosed in the available references. The contract remains unpatched. Users should avoid trusting this token. [1] demonstrates similar vulnerabilities, suggesting that developers should use the SafeMath library or similar to prevent overflows.

References
  1. EtherTokens/GEMCHAIN/mint integer overflow.md at master · BlockChainsSecurity/EtherTokens
  2. EtherTokens/CryptonitexCoin at master · BlockChainsSecurity/EtherTokens

AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

1

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

2

News mentions

0

No linked articles in our index yet.