CVE-2018-10769 Information
Feb 14, 2021
cve
Description
The transferProxy and approveProxy functions of a smart contract implementation for SmartMesh (SMT) an Ethereum ERC20 token allow attackers to accomplish an unauthorized transfer of digital assets because replay attacks can occur with the same-named functions (with the same signatures) in other tokens: First (FST) GG Token (GG) M2C Mesh Network (MTC) M2C Mesh Network (mesh) and UG Token (UGT).
CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Reference
https://github.com/nkbai/defcon26/blob/master/docs/Replay20Attacks20on20Ethereum20Smart20Contracts.md https://lists.apache.org/thread.html/940b4c3fef002461b89a050935337056d4a036a65ef68e0bbd4621ef@3Cdev.struts.apache.org3E
Attack Complexity
LOW
Privileges Required
NONE
User Interaction Required
NONE
Scope
NONE
Confidentiality Impact
UNCHANGED
Integrity Impact
NONE
Availability Impact
HIGH
Base Score
NONE
Base Severity
7.5
Share on: