PT-2018-10948 · Futurxe · Futurxe

Published 2018-06-11 · Updated 2018-08-06 · CVE-2018-12025

CVSS v2.0 · 5.0 · Medium · Vector AV:N/AC:L/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions

FuturXE (FXE) (affected versions not specified)

Description

The issue arises from a logic error in the transferFrom function of the FuturXE smart contract implementation that allows attackers to perform unauthorized transfers of digital assets. An incorrect boolean check stops the transfer when the input value is smaller than or equal to the allowed value, whereas it should ensure that the transferred value does not exceed the allowed value. As a result, an attacker can cause an underflow in the allowed[from][msg.sender] -= value; operation and transfer any amount of FuturXE tokens from any account to a specified address without needing the victim's private key.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.
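
The inverted allowance guard from the description, next to the corrected comparison, as an added Python model (not the FuturXE contract source). Class and account names, the amounts and the balance check are assumptions made for illustration, and 256-bit unsigned wraparound is emulated with a mask.

```python
# Added illustration: a minimal model of an ERC-20 style allowance check.
# Not the FuturXE source; names, amounts and the balance check are assumptions.
UINT256_MAX = 2**256 - 1


def sub_uint256(a, b):
    """Unchecked subtraction as performed on a 256-bit unsigned integer."""
    return (a - b) & UINT256_MAX


class Token:
    def __init__(self, balances, allowed):
        self.balances = dict(balances)                           # owner -> balance
        self.allowed = {o: dict(s) for o, s in allowed.items()}  # owner -> spender -> allowance

    def _allowance(self, owner, spender):
        return self.allowed.get(owner, {}).get(spender, 0)

    def _move(self, owner, spender, to, value):
        self.balances[owner] = sub_uint256(self.balances.get(owner, 0), value)
        self.balances[to] = (self.balances.get(to, 0) + value) & UINT256_MAX
        row = self.allowed.setdefault(owner, {})
        row[spender] = sub_uint256(row.get(spender, 0), value)  # allowed[from][msg.sender] -= value
        return True

    def transfer_from_flawed(self, spender, owner, to, value):
        # Inverted guard, as the description states: the call is stopped when
        # value <= allowance, so only requests above the allowance continue.
        if self.balances.get(owner, 0) < value or value <= self._allowance(owner, spender):
            return False
        return self._move(owner, spender, to, value)

    def transfer_from_fixed(self, spender, owner, to, value):
        # Corrected guard: reject any value above the balance or the allowance.
        if self.balances.get(owner, 0) < value or value > self._allowance(owner, spender):
            return False
        return self._move(owner, spender, to, value)


def demo():
    """Run both guards on constructed state where 'mallory' has no allowance from 'alice'."""
    results = {}
    for name in ("flawed", "fixed"):
        t = Token({"alice": 1000}, {})
        ok = getattr(t, "transfer_from_" + name)("mallory", "alice", "mallory", 1000)
        results[name] = (ok, t.balances["alice"], t._allowance("alice", "mallory"))
    return results
```

With the flawed guard the allowance entry wraps to a value near 2**256, and a request that stays within a real allowance is refused; the corrected guard behaves the other way round in both cases.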

RCE

Integer Underflow

Weakness Enumeration

Related Identifiers

CVE-2018-12025

Affected Products

Futurxe