CVE-2018-12703: Security Advisory and Response

Learn about CVE-2018-12703, a vulnerability in the Block 18 (18T) ERC20 token smart contract on the Ethereum blockchain that allows attackers to steal assets. Find out the impact, technical details, and mitigation steps.

Block 18 (18T) ERC20 Token Smart Contract Vulnerability

Understanding CVE-2018-12703

A vulnerability in the approveAndCallcode function of the Block 18 (18T) ERC20 token smart contract on the Ethereum blockchain allows attackers to steal assets by manipulating balances.

What is CVE-2018-12703?

The vulnerability, known as the "evilReflex" issue, enables malicious actors to transfer the contract's balances into their own accounts, potentially leading to asset theft.

The Impact of CVE-2018-12703

This vulnerability poses a significant risk to the security and integrity of the Block 18 (18T) ERC20 token smart contract, potentially resulting in financial losses for users and investors.

Technical Details of CVE-2018-12703

The technical aspects of the vulnerability provide insights into its exploitation and mitigation.

Vulnerability Description

The approveAndCallcode function in the smart contract implementation of Block 18 (18T) lacks proper verification, allowing unauthorized asset transfers and balance manipulation.

Affected Systems and Versions

        Product: Not applicable
        Vendor: Not applicable
        Versions: Not applicable

Exploitation Mechanism

        Attackers exploit the approveAndCallcode function to transfer contract balances into their accounts.

Mitigation and Prevention

Addressing CVE-2018-12703 requires immediate actions and long-term security measures.

Immediate Steps to Take

        Disable the vulnerable function or smart contract feature.
        Monitor and audit transactions for suspicious activity.
        Inform users and stakeholders about the vulnerability and potential risks.
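
One way to carry out the "monitor and audit transactions" step, as an added example that is not code from the advisory or the token project: it decodes calls to approveAndCallcode and flags those whose pass-through payload could move tokens. The signature approveAndCallcode(address,uint256,bytes) is an assumption, and TOKEN, FN_SELECTOR and the sample transactions are placeholders constructed for the demo.

```python
# Added example (not project code). Assumes the signature
# approveAndCallcode(address,uint256,bytes); TOKEN and FN_SELECTOR are placeholders.
TOKEN = "0x" + "18" * 20                 # placeholder token contract address
FN_SELECTOR = bytes.fromhex("aabbccdd")  # placeholder: derive from the contract ABI

# Well-known ERC20 selectors that move balances or change allowances.
SENSITIVE = {
    bytes.fromhex("a9059cbb"): "transfer(address,uint256)",
    bytes.fromhex("23b872dd"): "transferFrom(address,address,uint256)",
    bytes.fromhex("095ea7b3"): "approve(address,uint256)",
}

def decode_call(data: bytes):
    """Return (spender, value, extra_data), or None if not a well-formed call."""
    if len(data) < 4 + 96 or data[:4] != FN_SELECTOR:
        return None
    args = data[4:]
    spender = "0x" + args[12:32].hex()
    value = int.from_bytes(args[32:64], "big")
    offset = int.from_bytes(args[64:96], "big")   # where the bytes argument starts
    length = int.from_bytes(args[offset:offset + 32], "big")
    extra = args[offset + 32:offset + 32 + length]
    if offset + 32 > len(args) or len(extra) != length:
        return None                                # truncated or malformed payload
    return spender, value, extra

def review(tx: dict) -> list:
    """Return the reasons a transaction to the token needs manual review."""
    if tx["to"].lower() != TOKEN:
        return []
    decoded = decode_call(bytes.fromhex(tx["input"][2:]))
    if decoded is None:
        return []
    spender, _value, extra = decoded
    reasons = []
    if spender == TOKEN:
        reasons.append("spender is the token contract itself")
    if extra[:4] in SENSITIVE:
        reasons.append("payload selector is " + SENSITIVE[extra[:4]])
    return reasons

def encode_call(spender: str, value: int, extra: bytes) -> str:
    """Build constructed sample calldata for the demo below."""
    head = bytes(12) + bytes.fromhex(spender[2:]) + value.to_bytes(32, "big")
    tail = len(extra).to_bytes(32, "big") + extra + bytes(-len(extra) % 32)
    return "0x" + (FN_SELECTOR + head + (96).to_bytes(32, "big") + tail).hex()
# Constructed sample transactions (not real chain data).
ROUTINE = {"to": TOKEN, "input": encode_call("0x" + "ab" * 20, 5, b"")}
SUSPECT = {"to": TOKEN, "input": encode_call(TOKEN, 0, bytes.fromhex("a9059cbb") + bytes(64))}
```

Calling `review(SUSPECT)` returns both reasons, while `review(ROUTINE)` returns an empty list.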

Long-Term Security Practices

        Implement secure coding practices in smart contract development.
        Conduct regular security assessments and audits of smart contracts.
        Stay informed about emerging vulnerabilities and security best practices.

Patching and Updates

        Apply patches or updates provided by the smart contract developers to fix the vulnerability and enhance security measures.
