Unrated severity · NVD Advisory · Published Jul 9, 2018 · Updated Aug 5, 2024

CVE-2018-13715

Description

The mintToken function of a smart contract implementation for BpsToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Integer overflow in BpsToken's mintToken allows contract owner to arbitrarily set any user's balance.

Vulnerability

The mintToken function in the BpsToken smart contract (an Ethereum token) contains an integer overflow vulnerability. The function performs arithmetic on the totalSupply and balanceOf mappings without using a safe math library, allowing an overflow when large values are supplied. This vulnerability is present in the contract as deployed on the Ethereum blockchain; no specific version is indicated, but the code is available in the referenced repository [1][2]. The function is callable only by the contract owner due to an onlyOwner modifier.

Exploitation

An attacker who is the contract owner can call mintToken with a large mintedAmount parameter that causes an integer overflow in the addition operations. This overflow results in the totalSupply and the target user's balanceOf being set to an arbitrary value chosen by the owner, rather than the intended incremented value. No special network position or user interaction is required beyond being the owner.

Impact

Successful exploitation allows the contract owner to set the balance of any user to any value, effectively minting or burning tokens at will. This can lead to complete loss of token value, manipulation of token distribution, and potential financial loss for other holders. The impact is a total compromise of the token's integrity and availability.

Mitigation

No official fix or patched version of BpsToken has been published. The vulnerability is inherent in the contract's use of unchecked arithmetic. As a workaround, token holders should avoid interacting with this contract, and developers should use safe math libraries (e.g., OpenZeppelin's SafeMath) to prevent integer overflows. The contract is not listed on the CISA KEV as of the publication date.

AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

1

Patches

0

No patches discovered yet.

References

2
