Hello, I found an integer overflow in the increaseApproval function. It doesn't use the safe function to add the value.

Code address: https://etherscan.io/address/0x30ceCB5461A449A90081F5a5F55db4e048397BAB

Vuln code:

    function increaseApproval (address _spender, uint _addedValue) returns (bool success) {
        //allowed[msg.sender][_spender] = allowed[msg.sender][_spender].add(_addedValue);
        allowed[msg.sender][_spender] += _addedValue; //integer overflow
        Approval(msg.sender, _spender, allowed[msg.sender][_spender]);
        return true;
    }

A CVE has already been applied for this issue: CVE-2018-14063
The issue link: https://github.com/tracto2/Tracto-ERC20/issues/1

--
-----------------------------------------------------------------
Hangzhou Anheng Information Technology Co., Ltd.
Mingjian Business Unit - Policy Engine Department
Mobile: 13588722924
Email: zhihua....@dbappsecurity.com.cn
Company website: http://www.dbappsecurity.com.cn
Official WeChat: DBAPP2013
Customer service hotline: 400-6059-110
Address: 15F, Zhongcai Building, 68 Tonghe Road, Binjiang District, Hangzhou (310051)
-----------------------------------------------------------------

_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/
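
Added example (not part of the original message and not the contract's code): a Python model of the uint256 arithmetic behind the `+=` in increaseApproval, next to a SafeMath-style checked add like the commented-out `.add` call. The `Token` class, the `Revert` exception and the addresses are constructed for illustration.

```python
# Model of EVM uint256 arithmetic; constructed illustration, not contract code.
UINT256_MAX = 2**256 - 1


class Revert(Exception):
    """Stands in for an EVM revert (a failed require)."""


def unchecked_add(a, b):
    """'+=' on a Solidity uint before 0.8: the sum is taken modulo 2**256."""
    return (a + b) & UINT256_MAX


def safe_add(a, b):
    """SafeMath-style add: revert when the sum wrapped around."""
    c = (a + b) & UINT256_MAX
    if c < a:
        raise Revert("addition overflow")
    return c


class Token:
    """Minimal allowance bookkeeping with a pluggable add function."""

    def __init__(self, add):
        self.add = add
        self.allowed = {}  # (owner, spender) -> allowance
        self.events = []   # emitted Approval events

    def increase_approval(self, sender, spender, added_value):
        key = (sender, spender)
        self.allowed[key] = self.add(self.allowed.get(key, 0), added_value)
        self.events.append(("Approval", sender, spender, self.allowed[key]))
        return True


def demo():
    owner, spender = "0xOwner", "0xSpender"  # constructed placeholder addresses
    vulnerable = Token(unchecked_add)
    vulnerable.increase_approval(owner, spender, 1000)
    vulnerable.increase_approval(owner, spender, UINT256_MAX)  # wraps around
    hardened = Token(safe_add)
    hardened.increase_approval(owner, spender, 1000)
    try:
        hardened.increase_approval(owner, spender, UINT256_MAX)
        reverted = False
    except Revert:
        reverted = True  # state is untouched, as after an EVM revert
    return vulnerable.allowed[(owner, spender)], hardened.allowed[(owner, spender)], reverted
```

With the unchecked add the second call leaves an allowance of 999 instead of failing; with the checked add the call reverts and the allowance stays at 1000.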