PT-2022-18242 · Eosio · Eosio
Kenun99 · Published 2022-05-12 · Updated 2022-05-24 · CVE-2022-27134
CVSS v3.1: 7.5 High
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Name of the Vulnerable Software and Affected Versions
EOSIO batdappboomx version v327c04cf
Description
The issue concerns an access-control vulnerability in the transfer function of the smart contract. This vulnerability allows remote attackers to win cryptocurrency without paying the ticket fee by exploiting the std::string memo parameter.
Recommendations
For EOSIO batdappboomx version v327c04cf, consider disabling the transfer function until a patch is available to prevent exploitation. Restrict access to the std::string memo parameter in the affected smart contract to minimize the risk of unauthorized cryptocurrency wins.
Exploit
Fix
Incorrect Authorization
Weakness Enumeration
Related Identifiers
Affected Products
Eosio