CVE-2018-13529

Vulnerability

The mintToken function in the BetterThanAdrien smart contract (an Ethereum token) contains an integer overflow vulnerability. This allows the contract owner to arbitrarily set the balance of any user by passing an overly large value that overflows the internal balance storage. The vulnerability affects all versions of the contract as described in the references [1], [2].

Exploitation

The attacker must be the owner of the contract. The owner calls mintToken with a target address and a value chosen to cause an integer overflow. Underflow or overflow of the user's balance results in the balance being set to an unexpected value (e.g., zero or a very large number), effectively giving the owner control over any account's token balance [1], [2].

Impact

Successful exploitation allows the contract owner to manipulate the token supply and set arbitrary balances for any user. This can lead to financial theft, denial of service (e.g., zeroing out user balances), or other malicious outcomes depending on the token's use [1], [2].

Mitigation

No official fix or patched version has been released. As a workaround, token holders may consider renaming or migrating to a contract that uses safe math libraries (e.g., OpenZeppelin's SafeMath) to prevent integer overflows. The contract may be presumed unmaintained or vulnerable [1], [2].