CVE-2018-13756

Vulnerability

The mintToken function in the CherryCoinFoundation Ethereum token contract contains an integer overflow vulnerability [1][2]. This flaw allows the contract owner to manipulate balance updates, potentially setting any user's balance to an arbitrary value. The vulnerability affects all versions of the CherryCoinFoundation contract as deployed on the Ethereum blockchain.

Exploitation

Only the owner of the contract can invoke the mintToken function. By providing a crafted mintedAmount parameter that causes an integer overflow, the owner can overflow the balance variable, leading to an unintended balance value for the target address. No user interaction or additional privileges are required beyond owner access.

Impact

A successful exploit enables the contract owner to arbitrarily increase or decrease the token balance of any address. This can result in token supply manipulation, loss of funds for other holders, and complete loss of trust in the token's integrity.

Mitigation

As of the publication date (2018-07-09), no fix has been released for the CherryCoinFoundation contract [2]. The contract is likely unpatched and remains vulnerable. Users should consider the token at risk and avoid holding value in it. No known workaround exists.