PT-2021-10409 · Icvo · Icvo
Published
2021-09-07
·
Updated
2021-09-14
·
CVE-2020-19768
CVSS v3.1
7.5
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions:
ICVO version 1.0
Description:
A lack of target address verification in the
selfdestructs() function allows attackers to steal tokens from victim users via a crafted script.Recommendations:
For version 1.0, consider disabling the
selfdestructs() function until a patch is available to prevent token theft. Restrict access to the selfdestructs() function to minimize the risk of exploitation. Avoid using crafted scripts that could exploit the lack of target address verification in the selfdestructs() function until the issue is resolved.Exploit
Fix
Insufficient Verification of Data Authenticity
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Icvo