CVE-2018-13774
Description
The mintToken function of a smart contract implementation for Bitstarti, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Bitstarti Ethereum token's mintToken function has an integer overflow allowing the owner to set any user's balance arbitrarily.
Vulnerability
The mintToken function in the Bitstarti Ethereum token smart contract contains an integer overflow vulnerability [1][2]. In the contract published in the Bitstarti repository, mintToken likely uses an unchecked arithmetic operation to increase a user's balance, following the pattern shown in the referenced GEMCHAIN example [1]. This allows the owner to call mintToken with a value large enough to overflow the target address's balance, thereby setting an arbitrary user's balance to any desired value. The vulnerable contract corresponds to the Bitstarti token implementation [2].
Exploitation
An attacker who is the contract owner, or who gains control of the owner account, can exploit this by calling mintToken with a target address and a large mintedAmount value. Because the overflow occurs during an unchecked addition, the resulting balance is a value the caller controls rather than the intended sum. No special network position or additional user interaction is required beyond being the owner [1]. The exploitation sequence involves crafting a transaction to mintToken with parameters that trigger the overflow.
Impact
A successful exploit enables the owner to set the balance of any Ethereum address to any arbitrary value, effectively creating tokens out of thin air [1]. This can lead to total manipulation of the token's supply and distribution, resulting in loss of value for legitimate holders and potential financial fraud. The compromise is at the level of the token contract’s state, with the owner gaining unlimited control over token balances.
Mitigation
No fix or patched version has been identified in the available references [1][2]. The contract as published in the EtherTokens repository is considered vulnerable. Mitigation requires deploying a new contract with safe arithmetic (e.g., using SafeMath library) or revoking owner privileges if possible. As of the publication date, the vulnerable contract remains unpatched, and users should avoid interacting with the Bitstarti token.
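The unchecked mint pattern described above beside a checked replacement, as an added example (this is not the Bitstarti contract's own code; the storage names balanceOf, totalSupply and the onlyOwner modifier are assumptions about its layout):

```solidity
// Added example, not the Bitstarti contract's own code: the unchecked
// mintToken pattern this CVE describes, beside a checked replacement.
// Storage names (balanceOf, totalSupply, onlyOwner) follow the usual ERC20
// layout and are assumptions about the vulnerable contract.
pragma solidity ^0.4.24;

contract MintVulnerable {
    address public owner;
    uint256 public totalSupply;
    mapping(address => uint256) public balanceOf;
    event Transfer(address indexed from, address indexed to, uint256 value);

    constructor() public { owner = msg.sender; }
    modifier onlyOwner() { require(msg.sender == owner); _; }

    // Solidity before 0.8 wraps silently: when balanceOf[target] + mintedAmount
    // exceeds 2**256 - 1 the stored balance is the wrapped value, not the sum,
    // so the owner ends up choosing the balance rather than adding to it.
    function mintToken(address target, uint256 mintedAmount) public onlyOwner {
        balanceOf[target] += mintedAmount;
        totalSupply += mintedAmount;
        emit Transfer(address(0), target, mintedAmount);
    }
}

// Checked addition with the same guarantee SafeMath gives (and that
// Solidity >= 0.8 applies by default): revert instead of wrapping.
library SafeMath {
    function add(uint256 a, uint256 b) internal pure returns (uint256 c) {
        c = a + b;
        require(c >= a, "SafeMath: addition overflow");
    }
}

contract MintChecked {
    using SafeMath for uint256;
    address public owner;
    uint256 public totalSupply;
    mapping(address => uint256) public balanceOf;
    event Transfer(address indexed from, address indexed to, uint256 value);

    constructor() public { owner = msg.sender; }
    modifier onlyOwner() { require(msg.sender == owner); _; }

    function mintToken(address target, uint256 mintedAmount) public onlyOwner {
        balanceOf[target] = balanceOf[target].add(mintedAmount); // reverts on wrap
        totalSupply = totalSupply.add(mintedAmount);
        emit Transfer(address(0), target, mintedAmount);
    }
}
```

A review check for this bug class is to grep a pre-0.8 contract for `+=` on balance or supply storage and confirm each site either goes through SafeMath or is guarded by a `require(c >= a)` style check.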
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products: 1
Patches: 0
No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References: 2
- [1] github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md
- [2] github.com/BlockChainsSecurity/EtherTokens/tree/master/Bitstarti
News mentions: 0
No linked articles in our index yet.