Vulnerability CVE-2018-10769


Published: 2018-08-10

Description:
The transferProxy and approveProxy functions of a smart contract implementation for SmartMesh (SMT), an Ethereum ERC20 token, allow attackers to accomplish an unauthorized transfer of digital assets because replay attacks can occur with the same-named functions (with the same signatures) in other tokens: First (FST), GG Token (GG), M2C Mesh Network (MTC), M2C Mesh Network (mesh), and UG Token (UGT).

Type:

CWE-noinfo

CVSS2 => (AV:N/AC:L/Au:N/C:N/I:P/A:N)

CVSS Base Score
Impact Subscore
Exploitability Subscore
5/10
2.9/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
None
Partial
None
Affected software
Ugtoken project -> Ugtoken 
Smartmesh project -> Smartmesh 
Mtc project -> MTC 
Mesh project -> MESH 
Gg token project -> Gg token 
First project -> First 

 References:
https://github.com/nkbai/defcon26/blob/master/docs/Replay%20Attacks%20on%20Ethereum%20Smart%20Contracts.md
https://lists.apache.org/thread.html/940b4c3fef002461b89a050935337056d4a036a65ef68e0bbd4621ef@%3Cdev.struts.apache.org%3E

Copyright 2024, cxsecurity.com

 

Back to Top