CVE-2018-13654
Description
The mintToken function of a smart contract implementation for ESTSToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Integer overflow in ESTSToken's mintToken function allows the contract owner to arbitrarily set any user's token balance.
Vulnerability
The mintToken function in the ESTSToken smart contract (an Ethereum token) contains an integer overflow vulnerability. The function performs arithmetic on totalSupply and balances[target] without using safe math operations, allowing the owner to overflow the uint256 values. This affects all versions of the ESTSToken contract as deployed on Ethereum [1], [2].
Exploitation
The contract owner can call mintToken with a large mintedAmount parameter. Due to the lack of overflow protection, the addition totalSupply += mintedAmount and balances[target] += mintedAmount can overflow, resulting in a small or zero effective increase. The owner can then set the balance of any user to an arbitrary value by carefully choosing the input to cause a specific overflow outcome [1].
Impact
An attacker who is the contract owner can arbitrarily manipulate the token balances of any address, including inflating the total supply or setting a user's balance to any desired value. This can lead to loss of funds, price manipulation, and complete compromise of the token's economic model [1], [2].
Mitigation
No official fix has been published for ESTSToken. Developers should implement the SafeMath library to perform arithmetic operations with overflow checks, or use OpenZeppelin's SafeERC20 and SafeMath contracts. The vulnerability is similar to the one documented in the GEMCHAIN token analysis [1].
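The overflow check recommended above, written out as an added example: this is not the deployed ESTSToken source, which this page does not reproduce. The contract name MintExample, the storage layout and the Transfer event are assumptions, and the unchecked function is reconstructed from the two `+=` statements quoted in the Exploitation section.

```solidity
pragma solidity ^0.4.24;

// Illustrative contract (assumed names and layout), not the ESTSToken code.
contract MintExample {
    address public owner;
    uint256 public totalSupply;
    mapping(address => uint256) public balances;

    event Transfer(address indexed from, address indexed to, uint256 value);

    constructor() public {
        owner = msg.sender;
    }

    modifier onlyOwner() {
        require(msg.sender == owner);
        _;
    }

    // Unchecked pattern: before Solidity 0.8, both additions wrap
    // modulo 2**256 instead of reverting, so the stored values can end up
    // smaller than they were before the call.
    function mintTokenUnchecked(address target, uint256 mintedAmount) public onlyOwner {
        balances[target] += mintedAmount;
        totalSupply += mintedAmount;
        emit Transfer(address(0), target, mintedAmount);
    }

    // Checked pattern: compute each sum first, revert if it wrapped
    // (a wrapped sum is always smaller than its left operand), and only
    // then write to storage. This is the test SafeMath's add() performs.
    function mintTokenChecked(address target, uint256 mintedAmount) public onlyOwner {
        uint256 newSupply = totalSupply + mintedAmount;
        require(newSupply >= totalSupply);

        uint256 newBalance = balances[target] + mintedAmount;
        require(newBalance >= balances[target]);

        totalSupply = newSupply;
        balances[target] = newBalance;
        emit Transfer(address(0), target, mintedAmount);
    }
}
```

Compilers from Solidity 0.8.0 onward revert on arithmetic overflow by default, so the explicit checks matter for contracts built with older compilers or for code inside `unchecked` blocks.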
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products: 1
Patches: 0
No patches discovered yet.
References (2)
- [1] github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md (mitre, x_refsource_MISC)
- [2] github.com/BlockChainsSecurity/EtherTokens/tree/master/ESTSToken (mitre, x_refsource_MISC)