CVE-2018-13577

Vulnerability

The mintToken function in the AdvancedShit contract (the ShitCoin / SHITC token) contains an integer overflow vulnerability [1]. The function does not enforce a maximum supply cap, allowing an arithmetic overflow when increasing a user's balance. This affects all versions of the contract as deployed on the Ethereum blockchain [2].

Exploitation

An attacker must be the contract owner (the address that deployed the contract). No other authentication or special network position is required. The owner calls mintToken with a large mintedAmount value that, when added to the target user's current balance, causes an overflow that results in an arbitrarily large balance for that user [1].

Impact

A successful exploit gives the owner the ability to set the balance of any user to any value, effectively minting an unlimited number of tokens out of thin air. This destroys the token's scarcity and can lead to a complete loss of value for all holders [1].

Mitigation

No fix was published by the contract authors; the vulnerable contract remains unpatched [2]. Users should treat any interaction with the AdvancedShit contract as extremely high risk. No CISA KEV listing exists for this CVE.