An integer overflow in the batchTransfer function of a smart contract implementation for Beauty Ecosystem Coin (BEC), the Ethereum ERC20 token used in the Beauty Chain economic system, allows attackers to accomplish an unauthorized increase of digital assets by providing two _receivers arguments in conjunction with a large _value argument, as exploited in the wild in April 2018, aka the "batchOverflow" issue.
References
Configurations
History
21 Nov 2024, 03:41
Type | Values Removed | Values Added |
---|---|---|
References | () https://dasp.co/#item-3 - Exploit, Third Party Advisory | |
References | () https://medium.com/secbit-media/a-disastrous-vulnerability-found-in-smart-contracts-of-beautychain-bec-dbf24ddbc30e - Exploit, Third Party Advisory | |
References | () https://peckshield.com/2018/04/22/batchOverflow/ - Exploit, Third Party Advisory | |
References | () https://support.okex.com/hc/en-us/articles/360002944212-BeautyChain-BEC-Withdrawal-and-Trading-Suspended - Third Party Advisory | |
References | () https://twitter.com/OKEx_/status/987967343983714304 - Third Party Advisory | |
References | () https://www.reddit.com/r/ethereum/comments/8esyg9/okex_erc20_bug/ - Issue Tracking, Third Party Advisory |
Information
Published : 2018-04-23 04:29
Updated : 2024-11-21 03:41
NVD link : CVE-2018-10299
Mitre link : CVE-2018-10299
CVE.ORG link : CVE-2018-10299
JSON object : View
Products Affected
beauty
- beauty_ecosystem_coin
CWE
CWE-190
Integer Overflow or Wraparound