PT-2019-9590 · Primeo · Primeo

Published

2019-06-19

Updated

2019-06-24

CVE-2018-18425

CVSS v2.0

4.0

Medium

Vector

AV:N/AC:L/Au:S/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions Primeo (PEO) smart contract implementation (affected versions not specified)

Description The issue concerns the doAirdrop function in the smart contract implementation, which fails to validate the numerical relationship between the airdrop amount and the token's total supply. This allows the contract owner to issue an arbitrary amount of currency, effectively increasing the total supply beyond the hard cap defined in the contract and devaluing the token.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Use of Insufficiently Random Values

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-330

Related Identifiers

CVE-2018-18425

Affected Products

Primeo

PT-2019-9590 · Primeo · Primeo

CVE-2018-18425

Weakness Enumeration

Related Identifiers

Affected Products

References · 3