CVE-2018-14089

HIGH

Virgo_ZodiacToken - Arbitrary Token Transfer via Incorrect Allowance Comparison

Title source: manual

Description

An issue was discovered in a smart contract implementation for Virgo_ZodiacToken, an Ethereum token. In this contract, the statement 'bool sufficientAllowance = allowance <= _value' permits arbitrary transfers in the function transferFrom, because '<=' is used instead of the intended '>='. An attacker can transfer tokens from any address to their own address without meeting the 'allowance > value' condition.
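The comparison described above, shown in corrected form with the flawed line kept as a comment. This is an added example, not the Virgo_ZodiacToken source: the contract name, storage layout, events and function bodies are assumptions, and only the quoted `sufficientAllowance` line comes from the description.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added illustration; NOT the Virgo_ZodiacToken source. Names and layout are assumed.
contract AllowanceCheckExample {
    mapping(address => uint256) public balanceOf;
    mapping(address => mapping(address => uint256)) public allowance;

    event Transfer(address indexed from, address indexed to, uint256 value);
    event Approval(address indexed owner, address indexed spender, uint256 value);

    constructor(uint256 initialSupply) {
        balanceOf[msg.sender] = initialSupply;
    }

    function approve(address spender, uint256 value) external returns (bool) {
        allowance[msg.sender][spender] = value;
        emit Approval(msg.sender, spender, value);
        return true;
    }

    function transferFrom(address from, address to, uint256 value) external returns (bool) {
        uint256 allowed = allowance[from][msg.sender];

        // Flawed form quoted in the description:
        //   bool sufficientAllowance = allowance <= _value;
        // That expression is true when the approved amount is smaller than the
        // requested amount, which is the opposite of what the check must enforce.
        // Intended form: the approved amount must cover the requested amount.
        bool sufficientAllowance = allowed >= value;
        bool sufficientFunds = balanceOf[from] >= value;

        require(sufficientAllowance, "allowance too low");
        require(sufficientFunds, "balance too low");

        // Checked arithmetic (Solidity >= 0.8) reverts on underflow, so a wrong
        // comparison above would still fail here instead of moving tokens.
        allowance[from][msg.sender] = allowed - value;
        balanceOf[from] -= value;
        balanceOf[to] += value;
        emit Transfer(from, to, value);
        return true;
    }
}
```

A regression test for this class of bug should call `transferFrom` from an account with no approval and assert that the call reverts and both balances are unchanged.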

Scores

CVSS v3 7.5
EPSS 0.0093
EPSS Percentile 56.1%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Details

CWE CWE-20
Status published
Products (1)
virgo_zodiactoken_project/virgo_zodiactoken
Published Jul 16, 2018
Tracked Since Feb 18, 2026