Vulnerability Description
An issue was discovered in a smart contract implementation for MORPH Token through 2019-06-05, an Ethereum token. A typo in the constructor of the Owned contract (which is inherited by MORPH Token) allows attackers to acquire contract ownership. A new owner can subsequently obtain MORPH Tokens for free and can perform a DoS attack.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Morph Project | Morph | <= 2019-06-05 |
References
- https://etherscan.io/address/0x2ef27bf41236bd859a95209e17a43fbd26851f92#contractThird Party Advisory
- https://github.com/smsecgroup/SM-VUL/tree/master/typo-vul-02ExploitThird Party Advisory
- https://etherscan.io/address/0x2ef27bf41236bd859a95209e17a43fbd26851f92#contractThird Party Advisory
- https://github.com/smsecgroup/SM-VUL/tree/master/typo-vul-02ExploitThird Party Advisory
FAQ
What is CVE-2019-15080?
CVE-2019-15080 is a vulnerability with a CVSS score of 7.5 (HIGH). An issue was discovered in a smart contract implementation for MORPH Token through 2019-06-05, an Ethereum token. A typo in the constructor of the Owned contract (which is inherited by MORPH Token) al...
How severe is CVE-2019-15080?
CVE-2019-15080 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2019-15080?
Check the references section above for vendor advisories and patch information. Affected products include: Morph Project Morph.