CVE-2018-19834
Description
The quaker function of a smart contract implementation for BOMBBA (BOMB), a tradable Ethereum ERC20 token, allows attackers to change the owner of the contract, because the function does not check the caller's identity.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Unprotected quaker function in BOMBBA token contract allows any attacker to become owner, leading to full asset theft.
Vulnerability
The quaker function in the BOMBBA (BOMB) ERC20 token contract lacks access control, allowing any caller to change the contract owner [1]. The contract does not use an onlyOwner modifier or equivalent. Affected is the deployed implementation of the BOMBBA token.
Exploitation
An attacker simply calls the quaker function with a new owner address [1]. No authentication, special privileges, or user interaction is required; any Ethereum account can execute the call.
Impact
Upon success, the attacker becomes the contract owner and gains access to all owner-restricted functions (e.g., withdraw, transferOwnership), enabling theft of all tokens or Ether held by the contract [1].
Mitigation
As of the available references, no official fix has been released [1]. Users should avoid the unpatched contract and consider deploying a corrected version with proper access control on the quaker function.
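The missing check and one way to add it, as an example added here and not taken from the BOMBBA source. The contract names, the `quaker(address)` signature, and the `owner` state variable are assumptions based on the description above.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Illustrative sketch only, NOT the BOMBBA source. The quaker(address)
// signature and the `owner` variable are assumptions from the CVE text.

// Pattern the CVE describes: an owner-changing function with no caller check.
contract OwnerSetterUnprotected {
    address public owner;

    constructor() {
        owner = msg.sender;
    }

    // Missing access control: the write to `owner` is reachable by any caller.
    function quaker(address newOwner) public {
        owner = newOwner;
    }
}

// Corrected pattern: the state change is gated on the current owner.
contract OwnerSetterProtected {
    address public owner;

    // Emitted on every change so monitoring can alert on ownership transfers.
    event OwnershipTransferred(address indexed previousOwner, address indexed newOwner);

    error NotOwner(address caller);
    error ZeroAddressOwner();

    modifier onlyOwner() {
        if (msg.sender != owner) revert NotOwner(msg.sender);
        _;
    }

    constructor() {
        owner = msg.sender;
        emit OwnershipTransferred(address(0), msg.sender);
    }

    function quaker(address newOwner) public onlyOwner {
        // Reject the zero address so ownership cannot be burned by mistake.
        if (newOwner == address(0)) revert ZeroAddressOwner();
        emit OwnershipTransferred(owner, newOwner);
        owner = newOwner;
    }
}
```

When auditing a contract for this class of bug, list every function that writes to the owner variable and confirm each one is either internal or carries a caller check.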
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- BOMBBA (BOMB)/BOMBBA (BOMB)
Patches
No patches discovered yet.
References
News mentions
No linked articles in our index yet.