CVE-2018-13597
Description
The mintToken function of a smart contract implementation for testcoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Integer overflow in mintToken function of testcoin Ethereum token allows owner to arbitrarily set any user's balance.
Vulnerability
The mintToken function in the testcoin smart contract (an Ethereum token) contains an integer overflow vulnerability. The function updates balances without checking its arithmetic, so a sum that exceeds the maximum uint256 value wraps around instead of being rejected. This affects the testcoin contract as described in the EtherTokens repository [1][2].
Exploitation
The attacker must be the contract owner (the address that deployed the contract). By calling mintToken with a large mintedAmount value, the owner can cause an integer overflow in the balance update, resulting in an arbitrary balance for any target address. No user interaction is required.
Impact
A successful exploit allows the owner to set the balance of any user to any value, effectively controlling the token supply and distribution. This can lead to complete loss of token value and trust.
Mitigation
No official fix has been published for testcoin. Developers should use the SafeMath library to prevent integer overflows. The contract is likely unmaintained; users should avoid using this token.
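The unchecked mint pattern next to a SafeMath-style checked version, as an added example: this is a constructed contract, not the testcoin source, and the names MintDemo, safeAdd, mintTokenUnchecked and mintTokenChecked are hypothetical. It assumes a pre-0.8 compiler, where addition wraps silently.

```solidity
pragma solidity ^0.4.24;

// Constructed example for illustration; NOT the testcoin contract source.
contract MintDemo {
    address public owner;
    uint256 public totalSupply;
    mapping(address => uint256) public balanceOf;

    constructor() public {
        owner = msg.sender;
    }

    modifier onlyOwner() {
        require(msg.sender == owner);
        _;
    }

    // Checked addition in the style of SafeMath's add():
    // if a + b wrapped around, the result is smaller than a, so revert.
    function safeAdd(uint256 a, uint256 b) internal pure returns (uint256) {
        uint256 c = a + b;
        require(c >= a);
        return c;
    }

    // Unchecked pattern: before Solidity 0.8 both additions wrap modulo 2**256.
    // The stored balance becomes (old + mintedAmount) mod 2**256, which can be
    // lower than the old balance, and totalSupply no longer matches the sum
    // of balances.
    function mintTokenUnchecked(address target, uint256 mintedAmount) public onlyOwner {
        balanceOf[target] += mintedAmount;
        totalSupply += mintedAmount;
    }

    // Hardened pattern: an overflow in either addition reverts the whole call,
    // so a balance and totalSupply can only grow by the amount actually minted.
    function mintTokenChecked(address target, uint256 mintedAmount) public onlyOwner {
        balanceOf[target] = safeAdd(balanceOf[target], mintedAmount);
        totalSupply = safeAdd(totalSupply, mintedAmount);
    }
}
```

Solidity 0.8 and later revert on overflow by default, so the explicit check matters for contracts compiled with older versions or code placed inside an unchecked block.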
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products: 1
Patches: 0
No patches discovered yet.
References (2)
- github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md (mitre, x_refsource_MISC)
- github.com/BlockChainsSecurity/EtherTokens/tree/master/testcoin (mitre, x_refsource_MISC)