CVE-2018-13720
Description
The mintToken function of a smart contract implementation for Antoken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
The mintToken function in Antoken (Ethereum token) has an integer overflow, enabling the owner to arbitrarily set any user's balance.
Vulnerability
The mintToken function in the Antoken smart contract (an Ethereum token) contains an integer overflow vulnerability. The contract lets the owner mint tokens by calling mintToken, but because the function lacks a proper overflow check, the owner can overflow the stored balance of an arbitrary user. The affected versions are the Antoken token contracts as deployed during the token's lifetime; the referenced repository [2] contains the source code. The integer overflow issue is consistent with other EtherTokens contracts, as described in [1].
Exploitation
The attacker must be the contract owner (the one who deployed the contract) to invoke mintToken. The owner can call mintToken(address, uint256) with a very large value for the uint256 parameter, causing an arithmetic overflow. The sequence of steps is: 1) The owner deploys the Antoken contract. 2) The owner calls mintToken with a crafted large integer. 3) The contract's balance mapping for the target address overflows to a value chosen by the owner. No special network position or additional authentication is needed beyond being the contract owner.
Impact
The owner can set the balance of any user to an arbitrary value, including values that exceed the total supply or are maliciously chosen. This leads to a complete loss of token integrity; the attacker can artificially inflate balances, drain liquidity, or manipulate token economics. The CIA impact is primarily integrity (balance manipulation) and potentially availability (if the token supply is corrupted). The attacker retains their owner privileges and can repeatedly exploit the issue.
Mitigation
The contract should include safe arithmetic checks, such as using OpenZeppelin's SafeMath library to prevent overflow. As of the publication date, no specific patched version of Antoken has been released publicly. The vulnerability was disclosed alongside similar issues in EtherTokens [1]. No workaround is available for deployed contracts; token holders must avoid the token until a fix is applied or treat it as compromised. This CVE is not listed in the KEV catalog.
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products: 1
Patches: 0
No patches discovered yet.
References (2)
- [1] github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md (mitre, x_refsource_MISC)
- [2] github.com/BlockChainsSecurity/EtherTokens/tree/master/Antoken (mitre, x_refsource_MISC)