CVE-2018-19833
HIGHddq - Unauthenticated Ownership Takeover via Improper Authentication
Title source: llmDescription
The owned function of a smart contract implementation for DDQ, an tradable Ethereum ERC20 token, allows attackers to change the owner of the contract, because the function does not check the caller's identity.
References (1)
Core 1
Core References
Various Sources x_refsource_misc
https://github.com/SmartContractResearcher/SmartContractSecurity/blob/master/New%20Vulnerabilities%20Allow%20Anyone%20to%20Own%20Certain%20ERC20-Based%20Smart%20Contracts%28CVE-2018-19830%2C%20CVE-2018-19831%2C%20CVE-2018-19832%2C%20CVE-2018-19833%2C%20CVE-2018-19834%29/README.md
Scores
CVSS v3
7.5
EPSS
0.0093
EPSS Percentile
56.1%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Details
CWE
CWE-287
Status
published
Products (1)
ddq_project/ddq
Published
Dec 31, 2019
Tracked Since
Feb 18, 2026