CVE-2018-10299

HIGH · EXPLOITED IN THE WILD

Beauty Ecosystem Coin - Code Injection


Exploitation Summary

CVE-2018-10299 has been observed exploited in the wild (reported by VulnCheck KEV, InTheWild.io). EIP tracks 1 public exploit from researchers including phzietsman.

AI-analyzed exploit summary: This repository demonstrates and tests the batchOverflow vulnerability (CVE-2018-10299) in ERC20 smart contracts, including a vulnerable contract and a fixed version. The PoC uses Truffle tests to show how an integer overflow can be exploited to manipulate token balances.

Description

An integer overflow in the batchTransfer function of a smart contract implementation for Beauty Ecosystem Coin (BEC), the Ethereum ERC20 token used in the Beauty Chain economic system, allows attackers to accomplish an unauthorized increase of digital assets by providing two _receivers arguments in conjunction with a large _value argument, as exploited in the wild in April 2018, aka the "batchOverflow" issue.
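The arithmetic behind the issue, as an added illustration that is not part of the CVE record or the linked PoC: a Python model of batchTransfer under EVM uint256 semantics, with the unchecked cnt * _value computation next to a SafeMath-style guard and a total-supply invariant a monitor can check. The ledger, addresses and token values are constructed for illustration.

```python
# Added example (not from the CVE record or the linked PoC): a Python model of the
# batchOverflow arithmetic under EVM uint256 semantics. The ledger, addresses and
# token values below are constructed for illustration.
UINT256_MAX = 2**256 - 1

def evm_mul(a: int, b: int) -> int:
    """Unchecked EVM multiplication: the product silently wraps modulo 2**256."""
    return (a * b) & UINT256_MAX

def safe_mul(a: int, b: int) -> int:
    """SafeMath-style multiplication: recover b from the product, reject a mismatch."""
    if a == 0:
        return 0
    c = evm_mul(a, b)
    if c // a != b:
        raise OverflowError("uint256 multiplication overflow")
    return c

def batch_transfer(balances, sender, receivers, value, checked):
    """Model of ERC20 batchTransfer. checked=False keeps the unchecked cnt * _value
    computation behind CVE-2018-10299; checked=True is the SafeMath-guarded form."""
    cnt = len(receivers)
    if not 0 < cnt <= 20 or value <= 0:
        raise ValueError("bad receiver count or _value")
    amount = safe_mul(cnt, value) if checked else evm_mul(cnt, value)
    if balances.get(sender, 0) < amount:
        raise ValueError("insufficient balance")
    new = dict(balances)
    new[sender] = new.get(sender, 0) - amount
    for r in receivers:
        new[r] = (new.get(r, 0) + value) & UINT256_MAX
    return new

def total_supply(balances):
    """Invariant a monitor should watch: a transfer never changes the sum of balances."""
    return sum(balances.values())

# Constructed scenario: two receivers and _value = 2**255, so cnt * _value == 2**256,
# which reduces to 0 under uint256 arithmetic and slips past the balance check.
LEDGER = {"0xSENDER": 100}
RECEIVERS = ["0xRECV1", "0xRECV2"]
HUGE_VALUE = 2**255

def supply_inflation(checked):
    """Tokens created out of thin air by the call (2**256 on the unchecked path);
    raises OverflowError when the guarded multiplication is used."""
    after = batch_transfer(LEDGER, "0xSENDER", RECEIVERS, HUGE_VALUE, checked)
    return total_supply(after) - total_supply(LEDGER)
```

The supply delta is the signal a token monitor or audit test should assert on: any batch call that changes the sum of balances indicates broken arithmetic, regardless of which input triggered it.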

Exploits (1)

nomisec WORKING POC
by phzietsman · remote
https://github.com/phzietsman/batchOverflow

Classification: Working PoC (90%)
Attack Type: Other
Complexity: Moderate
Reliability: Reliable
Target: ERC20 smart contracts with batch transfer functionality
Authentication: none needed
Prerequisites: Ethereum development environment (Truffle) · Vulnerable ERC20 smart contract
devstral-2 · analyzed Feb 16, 2026

References (6)

Core References
Third Party Advisory: https://twitter.com/OKEx_/status/987967343983714304
Issue Tracking, Third Party Advisory: https://www.reddit.com/r/ethereum/comments/8esyg9/okex_erc20_bug/
Exploit, Third Party Advisory: https://dasp.co/#item-3
Exploit, Third Party Advisory: https://peckshield.com/2018/04/22/batchOverflow/

Scores

CVSS v3 7.5
EPSS 0.0278
EPSS Percentile 84.5%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Details

VulnCheck KEV 2018-04-23
InTheWild.io 2018-08-29
CWE
CWE-190
Status published
Products (1)
beauty/beauty_ecosystem_coin
Published Apr 23, 2018
Tracked Since Feb 18, 2026