Date: Wed, 25 Jul 2018 19:32:17 +0800 (GMT+08:00)
From: 姚志华 <>
Subject: [FD] Integer overflow in SunContract

I have found an integer overflow in mintTokens. The supply variable could overflow because the _amount variable is controlled by us, and this can eventually cause supply to overflow to zero.

vuln code:

  function mintTokens(address _to, uint256 _amount) {
    if (msg.sender != icoContractAddress) throw;            // Only ICO address can mint tokens
    if (restrictedAddresses[_to]) throw;                    // Throw if user wants to send to restricted address
    if (balances[_to] + _amount < balances[_to]) throw;     // Check for overflows
    supply += _amount;                                      // Update total supply; integer overflow
    balances[_to] += _amount;                               // Set minted coins to target
    Mint(_to, _amount);                                     // Create Mint event
    Transfer(0x0, _to, _amount);                            // Create Transfer event from 0x
  }

contract address

reference link:



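Added example, not part of the original post or the contract's code: a Python model of unchecked uint256 addition showing why the existing per-recipient check in the quoted mintTokens does not protect `supply`, next to the same check applied to `supply`. The `Token` class, the `check_supply` switch and the addresses are assumptions made for illustration; the restricted-address check is left out because it does not affect the arithmetic.

```python
# Python model of the quoted mintTokens logic (constructed example, not contract code).
UINT256_MAX = 2**256 - 1

def add_u256(a, b):
    """Unchecked EVM-style addition: wraps modulo 2**256."""
    return (a + b) & UINT256_MAX

class Token:
    def __init__(self, ico_address, check_supply):
        self.ico = ico_address
        self.check_supply = check_supply   # hypothetical switch: False = logic as quoted
        self.supply = 0
        self.balances = {}

    def mint_tokens(self, sender, to, amount):
        if sender != self.ico:
            raise PermissionError("only ICO address can mint")
        bal = self.balances.get(to, 0)
        # Guard present in the quoted code: covers the recipient balance only.
        if add_u256(bal, amount) < bal:
            raise OverflowError("balance overflow")
        # Guard absent from the quoted code: the same test applied to supply.
        if self.check_supply and add_u256(self.supply, amount) < self.supply:
            raise OverflowError("supply overflow")
        self.supply = add_u256(self.supply, amount)
        self.balances[to] = add_u256(bal, amount)

def run(check_supply):
    """Two mints of 2**255 to different (constructed) addresses.

    Returns (supply, sum of balances, whether the second mint was rejected).
    """
    t = Token("ico", check_supply)
    half = 2**255
    t.mint_tokens("ico", "alice", half)
    try:
        t.mint_tokens("ico", "bob", half)
        rejected = False
    except OverflowError:
        rejected = True
    return t.supply, sum(t.balances.values()), rejected

if __name__ == "__main__":
    print("as quoted:        ", run(False))
    print("with supply guard:", run(True))
```

Without the supply guard, neither balance wraps, so both mints pass while `supply` no longer equals the sum of balances; with the guard, the second mint is rejected and the invariant holds.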