CVE-2018-13637

Vulnerability

The mintToken function in the CikkaCoin smart contract (an Ethereum token) contains an integer overflow vulnerability. The function does not validate arithmetic overflow when adding minted tokens to a user's balance, allowing the owner to set any address's balance to an arbitrary value. All versions of the CikkaCoin contract as referenced in [2] are affected.

Exploitation

An attacker must be the contract owner, as mintToken is typically restricted to the owner role. The owner can call mintToken with a large mintedAmount value, causing an integer overflow in the balance addition. This results in the target address receiving a manipulated balance, which can be set to any desired value.

Impact

Successful exploitation allows the contract owner to arbitrarily control any user's token balance. This can be used to inflate the total supply, drain funds from other users, or manipulate the token's economy. The impact is a complete loss of token integrity and trust.

Mitigation

No official fix or patched version has been disclosed in the available references [1][2]. The CikkaCoin contract appears unmaintained. Users should avoid using this token and consider migrating to a secure alternative. This vulnerability is not listed on the CISA Known Exploited Vulnerabilities (KEV) catalog.