VYPR
Unrated severity · NVD Advisory · Published Jul 9, 2018 · Updated Aug 5, 2024

CVE-2018-13606

Description

The mintToken function of a smart contract implementation for ARChain, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Integer overflow in ARChain token's mintToken function allows contract owner to arbitrarily set any user's balance.

Vulnerability

The mintToken function in the ARChain Ethereum token smart contract (version unspecified, but code available in [2]) contains an integer overflow vulnerability. The function performs arithmetic on totalSupply and balanceOf[target] without using SafeMath or overflow checks, allowing the owner to mint an arbitrary number of tokens. This is a classic integer overflow bug common in many early ERC20 tokens [1].

Exploitation

The attacker must be the contract owner (the address that deployed the contract). No other authentication or user interaction is required. The owner calls mintToken with a large mintedAmount value that causes an integer overflow when added to totalSupply or balanceOf[target], resulting in a small or zero effective increase. However, the owner can also set the balance of any user to any value by carefully choosing the mintedAmount to overflow to the desired balance. The exact steps are: call mintToken(target, amount) where amount is chosen such that balanceOf[target] + amount overflows to the attacker's intended value.

Impact

A successful exploit allows the contract owner to arbitrarily set the token balance of any user address. This can be used to inflate the owner's own balance, drain tokens from other users (by setting their balance to zero), or manipulate the token supply. The impact is complete loss of token integrity and trust, as the owner can effectively control all token holdings.

Mitigation

No fix has been published for ARChain. The vulnerability exists in the contract code as seen in [2]. The general mitigation for integer overflow is to use the SafeMath library for all arithmetic operations, as recommended in [1]. Since the contract is unpatched and likely abandoned, the only mitigation available to users is to avoid interacting with this token contract.

AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

1

Patches

0

No patches discovered yet.

References

2
