CVE-2018-13561

Vulnerability

The mintToken function in the YourCoin (ICO) smart contract (contract name ETH033) contains an integer overflow vulnerability. The function does not check for overflow when calculating the new total supply or user balance, allowing the owner to set an arbitrary user's balance to any value [1], [2].

Exploitation

The owner of the contract can call the mintToken function with a large value that causes an integer overflow, effectively setting the target user's balance to any desired value without the need for any additional privileges or user interaction [1].

Impact

By exploiting the integer overflow, the owner can arbitrarily increase the balance of any user, potentially leading to the creation of tokens out of thin air. This can result in devaluation of the token, loss of trust, and potential financial loss for token holders [1], [2].

Mitigation

The vulnerability exists in the ETH033 contract as deployed. No official fix or patched version has been released in the available references. Developers should implement SafeMath or similar overflow checks in the mintToken function. To mitigate, deploy a new contract with proper overflow prevention [1], [2].