CVE-2018-14089

Name of the Vulnerable Software and Affected Versions Virgo ZodiacToken (affected versions not specified)

Description An issue was discovered in the smart contract implementation for Virgo ZodiacToken, an Ethereum token. The issue arises from the line bool sufficientAllowance = allowance <= value, where the use of <= instead of >= allows for an arbitrary transfer in the transferFrom function. This means an attacker can transfer funds from any address to their own address without needing to meet the allowance > value condition.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.