Description
An integer overflow has been found in the the latest version of Issuer. The total issuedCount can be zero if the parameter is overly large. An attacker can obtain the private key of the owner issued with a certain 'amount', and the issuedCount can be zero if there is an overflow.
References (1)
Core 1
Core References
Patch, Third Party Advisory x_refsource_misc
https://etherscan.io/address/0xecaad8df0dee0b9ed45ffd1191b024701f21506c#code
Scores
CVSS v3
7.5
EPSS
0.0138
EPSS Percentile
68.5%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-190
Status
published
Products (1)
issuer_project/issuer
Published
Feb 10, 2021
Tracked Since
Feb 18, 2026