CVE-2018-10769
Last modified
CVE-2018-10769 is a vulnerability of currently unknown severity. The transferProxy and approveProxy functions of a smart contract implementation for SmartMesh (SMT), an Ethereum ERC20 token, allow attackers to accomplish an unauthorized transfer of digital assets because replay attacks can occur with the same-named functions (with the same signatures) in other tokens: First (FST), GG Token (GG), M2C Mesh Network (MTC), M2C Mesh Network (mesh), and UG Token (UGT).. EPSS estimates a 0.94% chance of exploitation in the next 30 days.
Description
The transferProxy and approveProxy functions of a smart contract implementation for SmartMesh (SMT), an Ethereum ERC20 token, allow attackers to accomplish an unauthorized transfer of digital assets because replay attacks can occur with the same-named functions (with the same signatures) in other tokens: First (FST), GG Token (GG), M2C Mesh Network (MTC), M2C Mesh Network (mesh), and UG Token (UGT).
Metrics
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Smartmesh Project | Smartmesh | All versions |
| Ugtoken Project | Ugtoken | All versions |
| Gg Token Project | Gg Token | All versions |
| First Project | First | All versions |
| Mtc Project | Mtc | All versions |
| Mesh Project | Mesh | All versions |
References
- https://github.com/nkbai/defcon26/blob/master/docs/Replay%20Attacks%20on%20Ethereum%20Smart%20Contracts.mdExploit, Third Party Advisory
- https://github.com/nkbai/defcon26/blob/master/docs/Replay%20Attacks%20on%20Ethereum%20Smart%20Contracts.mdExploit, Third Party Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2018-10769?
How severe is CVE-2018-10769?
How do I fix CVE-2018-10769?
Are you affected by CVE-2018-10769?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST