CVE-2018-10299: CVE-2018-10299

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2018-10299

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Description

An integer overflow in the batchTransfer function of a smart contract implementation for Beauty Ecosystem Coin (BEC), the Ethereum ERC20 token used in the Beauty Chain economic system, allows attackers to accomplish an unauthorized increase of digital assets by providing two _receivers arguments in conjunction with a large _value argument, as exploited in the wild in April 2018, aka the "batchOverflow" issue.

Source: NVD (National Vulnerability Database)

CVSS Information

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Type

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Title

Beauty Ecosystem Coin smart contract 数字错误漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

Beauty Ecosystem Coin（BEC）是美链基金会（Beauty Chain基金会）的一套基于区块链技术的虚拟货币系统。smart contract是其中的一个智能合约。 BEC中的smart contract的实现的‘batchTransfer’函数存在整数溢出漏洞。攻击者可利用该漏洞增加原本指定的数字资产。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
-	n/a	n/a	-

II. Public POCs for CVE-2018-10299

#	POC Description	Source Link	Shenlong Link
1	A fix for the batchOverflow bug https://medium.com/@peckshield/alert-new-batchoverflow-bug-in-multiple-erc20-smart-contracts-cve-2018-10299-511067db6536	https://github.com/phzietsman/batchOverflow	POC Details

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2018-10299

Please Login to view more intelligence information

https://twitter.com/OKEx_/status/987967343983714304x_refsource_MISC
https://dasp.co/#item-3x_refsource_MISC
https://www.reddit.com/r/ethereum/comments/8esyg9/okex_erc20_bug/x_refsource_MISC
https://medium.com/secbit-media/a-disastrous-vulnerability-found-in-smart-contracts-of-beautychain-bec-dbf24ddbc30ex_refsource_MISC
https://support.okex.com/hc/en-us/articles/360002944212-BeautyChain-BEC-Withdrawal-and-Trading-Suspendedx_refsource_MISC
https://peckshield.com/2018/04/22/batchOverflow/x_refsource_MISC
https://nvd.nist.gov/vuln/detail/CVE-2018-10299

New Vulnerabilities

Product: n/a

Vendor: n/a

V. Comments for CVE-2018-10299

No comments yet

Support Us — Your donation helps us keep running

I. Basic Information for CVE-2018-10299

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2018-10299

III. Intelligence Information for CVE-2018-10299

New Vulnerabilities

V. Comments for CVE-2018-10299

Leave a comment