CVE-2018-13228
Description
The sell function of a smart contract implementation for Crowdnext (CNX), an Ethereum token, has an integer overflow in which "amount * sellPrice" can be zero, consequently reducing a seller's assets.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Integer overflow in Crowdnext (CNX) token sell function allows seller to lose tokens without receiving ETH.
Vulnerability
The Crowdnext (CNX) Ethereum token smart contract contains an integer overflow vulnerability in its sell(uint256 amount) function. The payout is computed as amount * sellPrice with unchecked 256-bit arithmetic, so the product wraps modulo 2^256. If the contract owner sets sellPrice to an extremely large value, for example 0x8000000000000000000000000000000000000000000000000000000000000000 (2^255), then selling an amount of 2 yields 2^256, which wraps to exactly zero; other amounts wrap to values far below the true price. This occurs because Solidity's default integer arithmetic in the compiler versions contemporary with the contract does not check for overflow (checked arithmetic only became the default in Solidity 0.8.0). The vulnerable code is identical to the pattern shown in reference [1] and is present in the Crowdnext contract deployed at the addresses listed in reference [2]. All versions of the Crowdnext token are affected.
Exploitation
An attacker who controls the contract's setPrices() function (the contract owner, since it is owner-restricted) sets sellPrice to a value that causes amount * sellPrice to overflow to zero for a small, realistic amount. When any user then calls sell(amount) to trade tokens back for ETH, the msg.sender.send(amount * sellPrice) sends 0 wei, while the user's token balance is still deducted and the tokens are transferred to the contract. No user interaction beyond the sell call is required. The only privilege the attacker needs is ownership of the contract; no other precondition exists, and any amount that wraps without reaching zero still short-pays the seller.
Impact
A seller loses the tokens they attempted to sell without receiving any ETH in return. The contract retains the seller's tokens, effectively confiscating them, and the owner can leave the malicious sellPrice in place so that every subsequent sale is affected. The impact is financial loss for token holders and loss of trust in the token.
Mitigation
No official fix or patched version for Crowdnext (CNX) has been published as of the disclosure date (2018-07-05). The vulnerability can be mitigated by using a safe math library (e.g., OpenZeppelin's SafeMath) that checks for overflow before performing arithmetic operations, or by compiling with Solidity 0.8.0 or later, where arithmetic is checked by default; either way an overflowing sale reverts instead of silently paying 0 wei. Note that this guard only removes the wraparound, not the owner's control over the price. Token holders should avoid interacting with this contract or any similar contracts that do not properly guard against integer overflow. The vulnerability is not listed on the CISA KEV.
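The following is an added example, not the Crowdnext contract's code or anything from the cited repository. It models pre-0.8 Solidity uint256 arithmetic in Python so the overflow in the Vulnerability section, the owner-driven attack in the Exploitation section and the SafeMath guard in the Mitigation section can be run side by side. Going slightly beyond the single value in the text, min_zeroing_amount() computes, for any sellPrice, the smallest sale amount whose payout wraps to exactly zero: the product vanishes mod 2^256 exactly when the amount supplies the low-order zero bits that sellPrice lacks. Token balances, the contract's ETH balance and the names "owner" and "victim" are constructed.

```python
# Model of pre-0.8 Solidity uint256 arithmetic and of the sell() pattern
# discussed above.  Added example; not the Crowdnext contract.  All balances,
# prices and account names below are constructed for illustration.

MOD = 2**256


def wrap_mul(a, b):
    """Unchecked EVM MUL: the product is reduced modulo 2**256 (pre-0.8 Solidity)."""
    return (a * b) % MOD


def safe_mul(a, b):
    """SafeMath-style multiplication: compute the wrapped product and reject it
    unless dividing back recovers the operand (the classic `require(c / a == b)`)."""
    if a == 0:
        return 0
    c = wrap_mul(a, b)
    if c // a != b:
        raise ValueError("SafeMath: multiplication overflow")
    return c


class Token:
    """Minimal stand-in for the vulnerable token: an owner-settable sellPrice and
    a sell() that pays amount * sellPrice wei for `amount` tokens."""

    def __init__(self, owner, checked=False):
        self.owner = owner
        self.sell_price = 1
        self.balances = {}
        self.eth_balance = 10**18          # constructed: contract holds 1 ETH
        self.mul = safe_mul if checked else wrap_mul

    def set_prices(self, caller, sell_price):
        if caller != self.owner:           # onlyOwner
            raise PermissionError("onlyOwner")
        self.sell_price = sell_price

    def sell(self, seller, amount, wallet):
        payout = self.mul(amount, self.sell_price)      # the overflow point
        if self.eth_balance < payout:
            raise ValueError("contract cannot cover the sale")
        if self.balances.get(seller, 0) < amount:
            raise ValueError("insufficient tokens")
        # tokens move to the contract first, then ETH is sent to the seller
        self.balances[seller] -= amount
        self.balances["contract"] = self.balances.get("contract", 0) + amount
        self.eth_balance -= payout
        wallet[seller] = wallet.get(seller, 0) + payout
        return payout


def min_zeroing_amount(sell_price):
    """Smallest amount > 0 with amount * sell_price == 0 mod 2**256.
    amount must contribute the 2-adic bits sell_price lacks, so
    amount = 2**(256 - trailing_zero_bits(sell_price)).  A result of 2**256
    means no amount representable in uint256 zeroes the product."""
    if sell_price == 0:
        return 1
    tz = (sell_price & -sell_price).bit_length() - 1
    return 2 ** (256 - tz)


def run_attack(checked):
    """Owner sets sellPrice = 2**255 (0x8000...0); the victim sells the minimal
    zeroing amount (2 tokens).  Returns (payout_wei, victim_tokens_after), or the
    guard's error message when the checked multiplication reverts the sale."""
    token = Token(owner="owner", checked=checked)
    token.balances["victim"] = 100
    wallet = {}
    token.set_prices("owner", 0x8000000000000000000000000000000000000000000000000000000000000000)
    try:
        payout = token.sell("victim", min_zeroing_amount(token.sell_price), wallet)
    except ValueError as e:
        return str(e)
    return payout, token.balances["victim"]


if __name__ == "__main__":
    print("unchecked:", run_attack(checked=False))   # (0, 98): 2 tokens gone, 0 wei paid
    print("checked:  ", run_attack(checked=True))    # sale reverts with the SafeMath error
```

With the unchecked multiplication the victim's balance drops from 100 to 98 tokens and 0 wei is paid; with safe_mul the same call raises, which in a real contract means the transaction reverts and the tokens stay with the seller. The trailing-zero computation is what makes the attack cheap for the owner: a price with k low zero bits lets an amount of 2^(256-k) wrap to zero, so a price like 2^255 needs a sale of only 2 tokens.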
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products: 1
Patches: 0
No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References (2)
[1] github.com/BlockChainsSecurity/EtherTokens/blob/master/ETHEREUMBLACK/sell%20integer%20overflow.md (MISC)
[2] github.com/BlockChainsSecurity/EtherTokens/tree/master/Crowdnext (MISC)
News mentions: 0
No linked articles in our index yet.