VYPR
Unrated severity · NVD Advisory · Published Jul 5, 2018 · Updated Aug 5, 2024

CVE-2018-13219


Description

The sell function of a smart contract implementation for YourCoin (ICO) (Contract Name: ETH033), an Ethereum token, has an integer overflow in which "amount * sellPrice" can be zero, consequently reducing a seller's assets.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

An integer overflow in the ETH033 token's sell() function lets a seller lose tokens without receiving any ETH, because amount * sellPrice overflows to zero.

Vulnerability

The sell() function in the ETH033 (YourCoin) smart contract has an integer overflow vulnerability. The function computes amount * sellPrice and sends that value in ETH to the seller. If sellPrice is set to a very large value (e.g., 0x8000000000000000000000000000000000000000000000000000000000000000), then for small amount values, the multiplication overflows and results in zero. This causes the seller's tokens to be transferred to the contract but no ETH to be sent back [1]. The vulnerable code is present in the ETH033 contract, which is based on a similar pattern used in other tokens like ETHEREUMBLACK and CCindexToken.

Exploitation

An attacker must be the contract owner (or have setPrices() privilege) to set sellPrice to an extremely high value. After that, any user calling sell(uint256 amount) with an amount such that amount * sellPrice overflows to zero will lose their tokens. No special user interaction beyond a normal sell transaction is required, and the attacker does not need to be the seller [1].

Impact

Successful exploitation results in the seller losing the tokens sent to the contract without receiving any ETH in return. The contract retains the tokens, effectively stealing them from the seller. The attacker (contract owner) can then potentially withdraw or manipulate the tokens, causing financial loss to token holders.

Mitigation

No official fix has been provided for the ETH033 contract. Token holders should avoid interacting with the contract if the owner has not implemented overflow protection. The vulnerability can be prevented by using a SafeMath library (e.g., OpenZeppelin's) to perform arithmetic operations safely, or by checking that amount * sellPrice does not overflow before executing the transfer [1].
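To make the Vulnerability and Mitigation sections concrete, the following is an added Python model of the sell() arithmetic (it is not the ETH033 contract's code). It emulates pre-0.8 Solidity uint256 wrap-around, uses the advisory's sellPrice of 2^255, and places the SafeMath-style checked multiplication beside the unchecked one; the ledger state keys and the "contract has enough ether" guard are assumptions modelled on the common ERC20 sell() template.

```python
from typing import Dict

UINT256_MAX = (1 << 256) - 1   # Solidity < 0.8: uint256 arithmetic wraps modulo 2**256
# The sellPrice value cited in the advisory (0x8000...0, i.e. 2**255).
ADVISORY_SELL_PRICE = 1 << 255


def unchecked_mul(a: int, b: int) -> int:
    """Pre-0.8 Solidity `a * b` on uint256: the product wraps silently."""
    return (a * b) & UINT256_MAX


def safe_mul(a: int, b: int) -> int:
    """SafeMath-style mul: revert (raise) when the wrapped product no longer matches the inputs."""
    if a == 0:
        return 0
    c = (a * b) & UINT256_MAX
    if c // a != b:
        raise ArithmeticError("SafeMath: multiplication overflow")
    return c


def sell(state: Dict[str, int], amount: int, sell_price: int, checked: bool) -> Dict[str, int]:
    """Model of an ERC20-template sell(): tokens move to the contract, seller is paid amount * sellPrice wei.

    `state` is a constructed ledger with keys seller_tokens, seller_wei, contract_tokens, contract_wei.
    With checked=False the payout is computed exactly as in the vulnerable contract."""
    mul = safe_mul if checked else unchecked_mul
    s = dict(state)
    if s["seller_tokens"] < amount:
        raise ValueError("insufficient token balance")
    payout = mul(amount, sell_price)            # wraps to 0 (unchecked) or raises (checked)
    if s["contract_wei"] < payout:              # assumed `require(this.balance >= amount * sellPrice)`
        raise ValueError("contract cannot cover the payout")  # a payout of 0 passes this guard trivially
    s["seller_tokens"] -= amount
    s["contract_tokens"] += amount
    s["contract_wei"] -= payout
    s["seller_wei"] += payout
    return s


if __name__ == "__main__":
    ledger = {"seller_tokens": 10, "seller_wei": 0, "contract_tokens": 0, "contract_wei": 10**18}
    print(sell(ledger, 2, ADVISORY_SELL_PRICE, checked=False))   # seller loses 2 tokens, gains 0 wei
    try:
        sell(ledger, 2, ADVISORY_SELL_PRICE, checked=True)
    except ArithmeticError as exc:
        print("checked sell reverted:", exc)
```

Any even amount wraps to zero at this price (2 * 2^255 = 2^256), while an odd amount wraps to 2^255 wei, which the contract cannot pay, so the guard rejects it.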

AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products: 1

Patches: 0 (no patches discovered yet)


References: 2
