CVE-2018-13638

Vulnerability

The mintToken function in the Bitpark Ethereum token smart contract suffers from an integer overflow vulnerability. The function performs arithmetic on a user's balance without proper bounds checking, enabling the contract owner to set the balance of an arbitrary user to any value. The vulnerable code is present in the Bitpark contract as shown in reference [2].

Exploitation

An attacker who is the owner of the Bitpark contract can call the mintToken function with a large value that causes an integer overflow, thereby manipulating the balance of any chosen address to an attacker-controlled amount. No special privileges beyond ownership or the ability to invoke the function are required [1].

Impact

Successful exploitation allows the contract owner to arbitrarily inflate or deflate the token balance of any user, effectively destroying the token's value and integrity. This can lead to financial loss for other token holders and complete compromise of the token's economy.

Mitigation

As of the publication date (2018-07-09), no official fix has been released for the Bitpark token. Users should avoid interacting with this contract. The vulnerability is a classic example of integer overflow that can be prevented by using SafeMath library functions or performing proper arithmetic checks [1][2].