CVE-2018-14089
Last modified
CVE-2018-14089 is a vulnerability of currently unknown severity. An issue was discovered in a smart contract implementation for Virgo_ZodiacToken, an Ethereum token. In this contract, 'bool sufficientAllowance = allowance <= _value' will cause an arbitrary transfer in the function transferFrom because '<=' is used instead of '>=' (which was intended). EPSS estimates a 0.93% chance of exploitation in the next 30 days.
Description
An issue was discovered in a smart contract implementation for Virgo_ZodiacToken, an Ethereum token. In this contract, 'bool sufficientAllowance = allowance <= _value' will cause an arbitrary transfer in the function transferFrom because '<=' is used instead of '>=' (which was intended). An attacker can transfer from any address to his address, and does not need to meet the 'allowance > value' condition.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Virgo Zodiactoken Project | Virgo Zodiactoken | All versions |
References
- https://github.com/hellowuzekai/blockchains/blob/master/transferFrom.mdExploit, Third Party Advisory
- https://github.com/hellowuzekai/blockchains/blob/master/transferFrom.mdExploit, Third Party Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2018-14089?
How severe is CVE-2018-14089?
How do I fix CVE-2018-14089?
Are you affected by CVE-2018-14089?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST