CVE-2018-13778
Description
The mintToken function of a smart contract implementation for CGCToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
An integer overflow in CGCToken's mintToken function lets the owner arbitrarily set any user's balance, enabling infinite token creation.
Vulnerability
The mintToken function in the CGCToken smart contract contains an integer overflow vulnerability. The contract allows the owner to mint tokens to any address, and due to the absence of overflow protection (e.g., SafeMath), calling mintToken with a large mintedAmount can cause an arithmetic overflow in the balance update. Affected versions include all deployments of the CGCToken contract identified at [1] [2].
Exploitation
An attacker who is the contract owner (or gains owner privileges) can exploit this by calling mintToken with a carefully crafted mintedAmount value that causes an integer overflow. This results in the target address's balance being set to an attacker-chosen value rather than the intended increment [1]. No user interaction or special network position is required beyond being the contract owner.
Impact
Successful exploitation allows the owner to arbitrarily adjust the token balance of any address, inflating the total supply without limit. This can be used to devalue the token, drain liquidity pools, or manipulate any token-based logic that depends on balances. The privilege level is owner-only, but the impact on token economics and trust is critical [1].
Mitigation
No official patched version of CGCToken has been released. Developers should use SafeMath for arithmetic operations or implement overflow checks in the mintToken function. The contract remains unpatched as of the reference publication date [1].
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products: 1
Patches: 0
No patches discovered yet.
References (2)
- github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md (mitre, x_refsource_MISC)
- github.com/BlockChainsSecurity/EtherTokens/tree/master/CGCToken (mitre, x_refsource_MISC)