CVE-2018-17882

Vulnerability

The batchTransfer function in the CryptoBotsBattle (CBTB) smart contract (Ethereum token) contains an integer overflow vulnerability. The function computes _to.length * _value before passing to safeSub, but the multiplication itself can overflow if the product exceeds 2^256-1. The Solidity compiler treats uint as uint256, so even if the developer intended to restrict _value to uint32, the multiplication still uses 256-bit arithmetic. This allows an attacker to cause an overflow, bypassing the safeSub check. Affected contract address: 0x4daa9dc438a77bd59e8a43c6d46cbfe84cd04255 (CBTB token). [1]

Exploitation

An attacker calls batchTransfer with a _to array of length 2 and _value set to 2^255. The multiplication 2 * 2^255 = 2^256 overflows to 0, so safeSub(balances[msg.sender], 0) returns the sender's full balance unchanged. The loop then transfers _value (2^255) tokens to each address in _to, effectively minting an enormous amount of tokens out of thin air. No special privileges or user interaction required beyond the ability to call the function. [1]

Impact

An attacker can create an arbitrary amount of tokens for any user (including themselves), leading to total loss of token value and trust. The attacker gains control over the token supply, enabling them to dump tokens or manipulate the market. This is a critical integrity and availability issue. [1]

Mitigation

As of the publication date (2019-03-15), no official fix has been released for the CBTB contract. The vulnerability is inherent in the contract code; users should avoid interacting with this token. The developer should have used a safe multiplication library (e.g., OpenZeppelin's SafeMath) to prevent overflow before the subtraction. No workaround exists for the deployed contract. [1]