Vulnerability Description
An integer overflow in the batchTransfer function of a smart contract implementation for Beauty Ecosystem Coin (BEC), the Ethereum ERC20 token used in the Beauty Chain economic system, allows attackers to accomplish an unauthorized increase of digital assets by providing two _receivers arguments in conjunction with a large _value argument, as exploited in the wild in April 2018, aka the "batchOverflow" issue.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Beauty | Beauty Ecosystem Coin | - |
Related Weaknesses (CWE)
References
- https://dasp.co/#item-3ExploitThird Party Advisory
- https://medium.com/secbit-media/a-disastrous-vulnerability-found-in-smart-contraExploitThird Party Advisory
- https://peckshield.com/2018/04/22/batchOverflow/ExploitThird Party Advisory
- https://support.okex.com/hc/en-us/articles/360002944212-BeautyChain-BEC-WithdrawThird Party Advisory
- https://twitter.com/OKEx_/status/987967343983714304Third Party Advisory
- https://www.reddit.com/r/ethereum/comments/8esyg9/okex_erc20_bug/Issue TrackingThird Party Advisory
- https://dasp.co/#item-3ExploitThird Party Advisory
- https://medium.com/secbit-media/a-disastrous-vulnerability-found-in-smart-contraExploitThird Party Advisory
- https://peckshield.com/2018/04/22/batchOverflow/ExploitThird Party Advisory
- https://support.okex.com/hc/en-us/articles/360002944212-BeautyChain-BEC-WithdrawThird Party Advisory
- https://twitter.com/OKEx_/status/987967343983714304Third Party Advisory
- https://www.reddit.com/r/ethereum/comments/8esyg9/okex_erc20_bug/Issue TrackingThird Party Advisory
FAQ
What is CVE-2018-10299?
CVE-2018-10299 is a vulnerability with a CVSS score of 7.5 (HIGH). An integer overflow in the batchTransfer function of a smart contract implementation for Beauty Ecosystem Coin (BEC), the Ethereum ERC20 token used in the Beauty Chain economic system, allows attacker...
How severe is CVE-2018-10299?
CVE-2018-10299 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2018-10299?
Check the references section above for vendor advisories and patch information. Affected products include: Beauty Beauty Ecosystem Coin.