PT-2025-40907 · Batbtoken · Batbtoken

Rikkalzw · Published 2025-10-06 · Updated 2025-10-06 · CVE-2025-57247

CVSS v3.1: 9.1 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
Name of the Vulnerable Software and Affected Versions: BATBToken smart contract versions prior to Compiler Version v0.8.26+commit.8a97fa7a

Description: The BATBToken smart contract, deployed at address 0xfbf1388408670c02f0dbbb74251d8ded1d63b7a2, has an incorrect access control implementation in its whitelist management functions. Specifically, the setColdWhiteList() and setSpecialAddress() functions within the base ERC20 contract are publicly callable without any access control modifier. This allows any user to bypass transfer restrictions and manipulate the special address settings. Exploitation of this issue could enable unauthorized users to circumvent the cold-time transfer restrictions and disrupt the dividend distribution mechanism, potentially leading to privilege escalation and a violation of the contract’s intended tokenomics.

Recommendations: Apply access control modifiers to the setColdWhiteList() and setSpecialAddress() functions so that only authorized accounts can call them.
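The following contract pair illustrates the flaw class described above and its fix. It is an added example written for this page, not the BATBToken source: only the two function names come from the advisory; the parameter lists, the state variables, the owner pattern and the event names are assumptions made for the illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.26;

// Illustrative only: this is NOT the BATBToken contract. Function names are
// taken from the advisory; parameter types, state variables, events and the
// owner pattern are assumptions made for this example.

// Weak pattern: state-changing whitelist setters with no access control modifier.
contract WhitelistVulnerable {
    address public owner;
    mapping(address => bool) public coldWhiteList;
    address public specialAddress;

    constructor() {
        owner = msg.sender;
    }

    // No modifier: any externally owned account or contract can change the
    // whitelist, so the cold-time transfer restriction is not enforceable.
    function setColdWhiteList(address account, bool allowed) public {
        coldWhiteList[account] = allowed;
    }

    // No modifier: any caller can repoint the special (dividend) address.
    function setSpecialAddress(address account) public {
        specialAddress = account;
    }
}

// Hardened pattern: the same setters restricted to the owner, with input
// validation and events so that off-chain monitoring can detect every change.
contract WhitelistHardened {
    address public owner;
    mapping(address => bool) public coldWhiteList;
    address public specialAddress;

    event ColdWhiteListUpdated(address indexed account, bool allowed);
    event SpecialAddressUpdated(address indexed previous, address indexed current);

    error NotOwner(address caller);

    // Reverts with a custom error when the caller is not the owner.
    modifier onlyOwner() {
        if (msg.sender != owner) revert NotOwner(msg.sender);
        _;
    }

    constructor() {
        owner = msg.sender;
    }

    function setColdWhiteList(address account, bool allowed) external onlyOwner {
        coldWhiteList[account] = allowed;
        emit ColdWhiteListUpdated(account, allowed);
    }

    function setSpecialAddress(address account) external onlyOwner {
        require(account != address(0), "special address cannot be zero");
        emit SpecialAddressUpdated(specialAddress, account);
        specialAddress = account;
    }
}
```

When reviewing a token contract for this weakness, list every public or external function that writes storage and confirm each one carries a modifier (onlyOwner, a role check, or equivalent) or is intentionally open; a missing modifier on a setter that gates transfers or payouts is exactly the condition the advisory describes. Emitting events from the hardened setters gives defenders a cheap on-chain signal to alert on unexpected whitelist or special-address changes.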

Tags: Exploit · Fix · LPE · Improper Access Control

Weakness Enumeration

Related Identifiers: CVE-2025-57247

Affected Products: Batbtoken