Vulnerability Description
The transferProxy and approveProxy functions of a smart contract implementation for SmartMesh (SMT), an Ethereum ERC20 token, allow attackers to accomplish an unauthorized transfer of digital assets because replay attacks can occur with the same-named functions (with the same signatures) in other tokens: First (FST), GG Token (GG), M2C Mesh Network (MTC), M2C Mesh Network (mesh), and UG Token (UGT).
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Smartmesh Project | Smartmesh | - |
| Ugtoken Project | Ugtoken | - |
| Gg Token Project | Gg Token | - |
| First Project | First | - |
| Mtc Project | Mtc | - |
| Mesh Project | Mesh | - |
References
- https://github.com/nkbai/defcon26/blob/master/docs/Replay%20Attacks%20on%20Ether (Exploit, Third Party Advisory)
- https://lists.apache.org/thread.html/940b4c3fef002461b89a050935337056d4a036a65ef
FAQ
What is CVE-2018-10769?
CVE-2018-10769 is a vulnerability with a CVSS score of 7.5 (HIGH). The transferProxy and approveProxy functions of a smart contract implementation for SmartMesh (SMT), an Ethereum ERC20 token, allow attackers to accomplish an unauthorized transfer of digital assets b...
How severe is CVE-2018-10769?
CVE-2018-10769 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2018-10769?
Check the references section above for vendor advisories and patch information. Affected products include: Smartmesh Project Smartmesh, Ugtoken Project Ugtoken, Gg Token Project Gg Token, First Project First, Mtc Project Mtc.