CVE-2018-13623

Vulnerability

The mintToken function in the smart contract for the AirdropperCryptics Ethereum token (an integer overflow variant) contains an integer overflow vulnerability [1]. This allows the contract owner to call the function and set the balance of any arbitrary user to any value without proper bounds checking. The affected code is in the AirdropperCryptics token implementation found in the EtherTokens repository [2].

Exploitation

An attacker who is the owner of the contract can directly call the mintToken function with a large value for the mintedAmount parameter. The integer overflow causes the balance update to become an arbitrary value selected by the owner. No special network position or additional user interaction is required, as the owner has direct access to the function.

Impact

By exploiting the integer overflow, the owner can set the balance of any user (including themselves) to any desired value. This effectively allows the owner to mint an unlimited number of tokens, leading to a complete loss of token scarcity and potentially destroying the token's economic value. The impact is a violation of the intended token supply control.

Mitigation

At the time of publication (2018-07-09), no patched version or fix has been documented for the AirdropperCryptics token [1][2]. The vulnerability arises from a lack of input validation and safe arithmetic in the mintToken function. A mitigation would require the contract to use a safe math library (e.g., OpenZeppelin's SafeMath) or enforce a maximum mint amount and proper overflow checks. This CVE is not listed in CISA's Known Exploited Vulnerabilities catalog.