CVE-2018-13560
Description
The mintToken function of a smart contract implementation for KelvinToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Integer overflow in KelvinToken's mintToken function allows contract owner to arbitrarily set any user's balance.
Vulnerability
The mintToken function in the KelvinToken smart contract (an Ethereum token) contains an integer overflow vulnerability. The function does not perform arithmetic overflow checks when updating a user's balance, allowing the contract owner to pass a large mintedAmount value that overflows the totalSupply and user balance variables. This affects all versions of the KelvinToken contract as present in the referenced repository [1].
Exploitation
An attacker must be the contract owner (the account that deployed the contract). The owner calls mintToken with a target address and a mintedAmount value that, when added to the current balance, exceeds the maximum uint256 value. The overflow wraps the balance to a small or zero value, effectively allowing the owner to set the balance of any user to any arbitrary value [2]. No user interaction or additional privileges are required beyond ownership.
Impact
A successful exploit allows the contract owner to arbitrarily manipulate the token balance of any address. This can be used to inflate the total token supply, create tokens out of thin air, or drain balances of other users. The integrity of the token's ledger is completely compromised, potentially leading to financial loss for token holders and loss of trust in the token.
Mitigation
No official fix or patched version has been disclosed in the available references [1][2]. Developers should implement overflow-safe arithmetic using libraries such as OpenZeppelin's SafeMath to prevent integer overflows in mintToken and similar functions. Until a fix is applied, users should avoid interacting with KelvinToken contracts.
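The wrap and the SafeMath-style guard described above, as an added example: a Python model of uint256 arithmetic, not KelvinToken's Solidity source. The ledger shape (one balance addition and one totalSupply addition per mint) follows the description above, and the names Token, mint_twice, WRAP_AMOUNT and the holder label are assumptions made for illustration.

```python
# Python model of uint256 arithmetic; not KelvinToken's Solidity source.
UINT256_MAX = 2**256 - 1
# Constructed sample value: 1000 + WRAP_AMOUNT == 2**256, which wraps to 0.
WRAP_AMOUNT = UINT256_MAX - 999

class Overflow(Exception):
    """Raised where a SafeMath-style add would revert the transaction."""

def add_unchecked(a, b):
    # Unchecked uint256 addition: the result is reduced modulo 2**256.
    return (a + b) & UINT256_MAX

def add_checked(a, b):
    # SafeMath-style add: a wrapped sum is always smaller than its operand.
    c = (a + b) & UINT256_MAX
    if c < a:
        raise Overflow(f"{a} + {b} exceeds uint256")
    return c

class Token:
    """Assumed ledger shape: per-address balances plus a total supply."""

    def __init__(self, add):
        self.add = add
        self.balance_of = {}
        self.total_supply = 0

    def mint_token(self, target, minted_amount):
        # Compute both sums before committing, so a failed check leaves the
        # ledger untouched (as a reverted transaction would).
        new_balance = self.add(self.balance_of.get(target, 0), minted_amount)
        new_supply = self.add(self.total_supply, minted_amount)
        self.balance_of[target] = new_balance
        self.total_supply = new_supply

def mint_twice(add, first, second, holder="0xholder"):
    """Mint `first`, then `second`; return (balance, supply, reverted)."""
    token = Token(add)
    token.mint_token(holder, first)  # holder label is a constructed value
    try:
        token.mint_token(holder, second)
        reverted = False
    except Overflow:
        reverted = True
    return token.balance_of[holder], token.total_supply, reverted
```

With unchecked addition the second mint leaves both the holder's balance and the total supply lower than before, which is the condition the checked variant refuses to commit.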
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products (1)
Patches (0)
No patches discovered yet.
References (2)
- github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md (mitre, x_refsource_MISC)
- github.com/BlockChainsSecurity/EtherTokens/tree/master/KelvinToken (mitre, x_refsource_MISC)