Sungjae Hwang

**Name of the Vulnerable Software and Affected Versions** AIRDROPX BORN through 2019-05-29 **Description** An issue was discovered in the smart contract implementation of AIRDROPX BORN, an Ethereum token. The constructor name has a typo, with `XBornID` instead of `XBORNID`, allowing an attacker to change the contract owner and obtain cryptocurrency for free. **Recommendations** For AIRDROPX BORN through 2019-05-29, consider disabling the contract until a patch is available to prevent exploitation of the typo in the constructor name. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** EAI through 2019-06-05 **Description** A typo exists in the constructor of a smart contract implementation for EAI, an Ethereum token. This issue could be used by an attacker to acquire EAI tokens for free. **Recommendations** For EAI through 2019-06-05, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** MORPH Token versions through 2019-06-05 **Description** An issue was discovered in the smart contract implementation of MORPH Token, allowing attackers to acquire contract ownership due to a typo in the constructor of the Owned contract. This enables a new owner to obtain MORPH Tokens for free and perform a Denial of Service (DoS) attack. **Recommendations** For MORPH Token versions through 2019-06-05, consider disabling the contract until a fix is implemented to prevent attackers from acquiring contract ownership and performing a DoS attack.