High severity7.5NVD Advisory· Published Jul 16, 2018· Updated Jun 17, 2026

CVE-2018-14089

Description

An issue was discovered in a smart contract implementation for Virgo_ZodiacToken, an Ethereum token. In this contract, 'bool sufficientAllowance = allowance <= _value' will cause an arbitrary transfer in the function transferFrom because '<=' is used instead of '>=' (which was intended). An attacker can transfer from any address to his address, and does not need to meet the 'allowance > value' condition.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

hellowuzekai/Blockchainsreferences
Virgo ZodiacToken/Virgo_ZodiacTokenllm-create

Patches

Vulnerability mechanics

References

github.com/hellowuzekai/blockchains/blob/master/transferFrom.mdnvdExploitThird Party Advisory

News mentions

No linked articles in our index yet.

cvss	0.488
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000