Vulnerability Description
The mintToken function of Pylon (PYLNT) aka PylonToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value, a related issue to CVE-2018-11812.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Pylon-Network | Pylontoken | - |
Related Weaknesses (CWE)
References
- https://etherscan.io/address/0x7703c35cffdc5cda8d27aa3df2f9ba6964544b6e#codeThird Party Advisory
- https://github.com/klenergy/ethereum-contracts/issues/1ExploitThird Party Advisory
- https://github.com/n0pn0pn0p/smart_contract_-vulnerability/blob/master/PolyAi.mdExploitThird Party Advisory
- https://etherscan.io/address/0x7703c35cffdc5cda8d27aa3df2f9ba6964544b6e#codeThird Party Advisory
- https://github.com/klenergy/ethereum-contracts/issues/1ExploitThird Party Advisory
- https://github.com/n0pn0pn0p/smart_contract_-vulnerability/blob/master/PolyAi.mdExploitThird Party Advisory
FAQ
What is CVE-2018-18667?
CVE-2018-18667 is a vulnerability with a CVSS score of 7.5 (HIGH). The mintToken function of Pylon (PYLNT) aka PylonToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value, a related...
How severe is CVE-2018-18667?
CVE-2018-18667 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2018-18667?
Check the references section above for vendor advisories and patch information. Affected products include: Pylon-Network Pylontoken.