CVE-2018-13757

Vulnerability

The mintToken function in the Coinquer Ethereum smart contract contains an integer overflow vulnerability [1]. The contract, as available in the referenced repository [2], does not perform overflow checks when updating a user's balance. The owner of the contract can exploit this to set the balance of any arbitrary user to any value, including extremely large numbers. The affected code is the Coinquer token implementation, and no specific version is indicated; the vulnerability exists in the contract as published.

Exploitation

An attacker who is the owner of the Coinquer contract can call the mintToken function with a large mintedAmount parameter that, when added to the target user's current balance, causes an integer overflow. This results in the user's balance being set to a value controlled by the owner, bypassing the intended supply constraints. No additional authentication or user interaction is required beyond the owner's privileges.

Impact

Successful exploitation allows the contract owner to arbitrarily inflate the balance of any user, effectively minting tokens out of thin air. This can lead to complete loss of token value, manipulation of token distribution, and potential financial harm to holders. The integrity of the token's supply is compromised, and the owner gains the ability to create unlimited tokens.

Mitigation

No official fix or patched version has been identified in the available references [1][2]. The vulnerability is inherent in the contract's design, and users should avoid interacting with the Coinquer token unless a corrected version is deployed. As of the publication date (2018-07-09), no mitigation or workaround has been disclosed.