CVE-2018-12084 - The mintToken function of a smart contract implementation for BitAsean (BAS), a tradable Ethereum ER

CVE-2018-12084

Summary

The mintToken function of a smart contract implementation for BitAsean (BAS), a tradable Ethereum ERC20 token, has no period constraint, which allows the owner to increase the total supply of the digital assets arbitrarily so as to make profits, aka the "tradeTrap" issue.

References

https://peckshield.com/2018/06/11/tradeTrap/

Vulnerable Configurations

cpe:2.3:a:bitasean:bitasean:-:*:*:*:*:*:*:*
cpe:2.3:a:bitasean:bitasean:-:*:*:*:*:*:*:*

CVSS

Base:	5.0 (as of 03-10-2019 - 00:03)
Impact:
Exploitability:

CWE

NVD-CWE-noinfo

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
NONE	PARTIAL	NONE

cvss-vector via4

AV:N/AC:L/Au:N/C:N/I:P/A:N

refmap via4

misc

https://peckshield.com/2018/06/11/tradeTrap/

Last major update

03-10-2019 - 00:03

Published

25-06-2018 - 11:29

Last modified

03-10-2019 - 00:03