CVE-2018-13629
Description
The mintToken function of a smart contract implementation for CrimsonShilling, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Integer overflow in CrimsonShilling token's mintToken function lets the owner set arbitrary user balances.
Vulnerability
The mintToken function in the CrimsonShilling Ethereum smart contract (found in [2]) has an integer overflow vulnerability. The function accepts a uint256 value and adds it without checking for overflow, so the contract owner can pass an extremely large amount and the resulting sum wraps around to a small value. This affects all versions of the contract at the referenced repository [2].
Exploitation
The attacker must be the contract owner. By calling mintToken with a carefully chosen large mintedAmount value, the addition operation overflows, resulting in the target user's balance being set to an arbitrary value (e.g., zero or a large number) controlled by the owner [1]. No other authentication or user interaction is required.
Impact
An attacker who is the contract owner can arbitrarily increase or decrease any user's token balance, effectively stealing tokens or inflating supply. This compromises the integrity and availability of the token, as balances can be manipulated at will [2].
Mitigation
No fix has been disclosed in the available references [1][2]. As a general best practice, the contract should use the SafeMath library to prevent integer overflow, or the mintToken function should be removed or restricted. Users should consider the token untrustworthy until a patched version is released.
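The SafeMath-style check recommended above, shown beside the unchecked pattern, as an added example that is not the CrimsonShilling source: the contract name MintSketch, the library CheckedMath, both function names and the storage layout are assumptions modelled on the description (an owner-only mintToken taking a uint256 mintedAmount).

```solidity
// Added illustration, not code from the CrimsonShilling repository.
// All names below are hypothetical; the unchecked function is an assumed
// shape of the pattern the description reports, kept for comparison only.
pragma solidity ^0.4.24;

// Minimal SafeMath-style helper: reverts instead of wrapping.
library CheckedMath {
    function add(uint256 a, uint256 b) internal pure returns (uint256) {
        uint256 c = a + b; // on 0.4.x compilers this wraps modulo 2**256
        require(c >= a, "uint256 addition overflow");
        return c;
    }
}

contract MintSketch {
    using CheckedMath for uint256;

    address public owner;
    uint256 public totalSupply;
    mapping(address => uint256) public balanceOf;

    event Transfer(address indexed from, address indexed to, uint256 value);

    constructor() public {
        owner = msg.sender;
    }

    modifier onlyOwner() {
        require(msg.sender == owner, "caller is not the owner");
        _;
    }

    // Unchecked form: a large mintedAmount silently wraps both sums,
    // so the stored balance no longer reflects what was "minted".
    function mintTokenUnchecked(address target, uint256 mintedAmount) public onlyOwner {
        balanceOf[target] += mintedAmount;
        totalSupply += mintedAmount;
        emit Transfer(address(0), target, mintedAmount);
    }

    // Hardened form: either addition overflowing reverts the whole call,
    // leaving balanceOf and totalSupply unchanged.
    function mintTokenChecked(address target, uint256 mintedAmount) public onlyOwner {
        totalSupply = totalSupply.add(mintedAmount);
        balanceOf[target] = balanceOf[target].add(mintedAmount);
        emit Transfer(address(0), target, mintedAmount);
    }
}
```

Compilers from Solidity 0.8.0 onward revert on arithmetic overflow by default, so the explicit helper matters for contracts built with the older compilers in use when this CVE was assigned.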
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products (1)
Patches (0)
No patches discovered yet.
References
[1] github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md (mitre, x_refsource_MISC)
[2] github.com/BlockChainsSecurity/EtherTokens/tree/master/CrimsonShilling (mitre, x_refsource_MISC)