VYPR
Unrated severity · NVD Advisory · Published Jul 9, 2018 · Updated Aug 5, 2024

CVE-2018-13663

Description

The mintToken function of a smart contract implementation for BSCToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

An integer overflow in BSCToken's mintToken function allows the contract owner to arbitrarily set any user's balance.

Vulnerability

The mintToken function in the BSCToken smart contract (an Ethereum token) contains an integer overflow vulnerability. The affected contract implementation is available in the EtherTokens repository [2]. The overflow occurs when the owner calls mintToken to mint tokens to an arbitrary address: because the arithmetic is not checked, the target balance can end up at any value.

Exploitation

The attacker must be the contract owner (i.e., have the owner privilege). No other special network position or user interaction is required. The owner simply calls the mintToken function with a sufficiently large token amount, triggering the integer overflow and resulting in a controlled but arbitrary balance for the target address.

Impact

Successful exploitation allows the owner to set the balance of any user to an arbitrary value, effectively inflating the total supply and compromising the integrity of the token's accounting. This can lead to financial losses for other holders and undermine trust in the token.

Mitigation

No official fix has been published specifically for BSCToken. The underlying integer overflow pattern is documented in the EtherTokens repository [1]. Developers should use SafeMath (or similar libraries) to prevent arithmetic overflows. As of the publication date (2018-07-09), no patched version is available; the vulnerability remains present in the unmodified contract [1][2].

AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

1

Patches

0

No patches discovered yet.

References

2
