PT-2018-12332 · Unknown · Userwallet

Published: 2018-07-16 · Updated: 2018-09-12 · CVE-2018-14085

CVSS v2.0: 5.0 (Medium)

Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions

UserWallet version 0x0a7bca9FB7AfF26c6ED8029BB6f0F5D291587c42

Description

An issue was discovered in the smart contract implementation of UserWallet, allowing an evil contract to modify the sweeperList. This can occur when the owner adds the evil contract address to their sweepers, and the evil contract executes a function that alters the start variable to a specific value, 0x123456789, which then changes the sweeperList when the sweep() function is called in the UserWallet contract.

Recommendations

For version 0x0a7bca9FB7AfF26c6ED8029BB6f0F5D291587c42, consider restricting access to the sweep() function until a patch is available to prevent unauthorized modification of the sweeperList. Additionally, avoid adding untrusted contract addresses to the sweepers to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

RCE

Weakness Enumeration

Related Identifiers

CVE-2018-14085

Affected Products

Userwallet