Vulnerabilities > CVE-2018-10706 - Integer Overflow or Wraparound vulnerability in Social-Chain Social Chain

047910
CVSS 5.0 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
PARTIAL
Availability impact
NONE
network
low complexity
social-chain
CWE-190

Summary

An integer overflow in the transferMulti function of a smart contract implementation for Social Chain (SCA), an Ethereum ERC20 token, allows attackers to accomplish an unauthorized increase of digital assets, aka the "multiOverflow" issue.

Vulnerable Configurations

Part Description Count
Application
Social-Chain
1

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Forced Integer Overflow
    This attack forces an integer variable to go out of range. The integer variable is often used as an offset such as size of memory allocation or similarly. The attacker would typically control the value of such variable and try to get it out of range. For instance the integer in question is incremented past the maximum possible value, it may wrap to become a very small, or negative number, therefore providing a very incorrect value which can lead to unexpected behavior. At worst the attacker can execute arbitrary code.

Seebug

bulletinFamilyexploit
descriptionOur vulnerability-scanning system at PeckShield has so far discovered several dangerous smart contract vulnerabilities ( batchOverflow, proxyOverflow, transferFlaw, ownerAnyone). Some of them could be used by attackers to generate tokens out of nowhere while others can be used to steal tokens from legitimate holders. Today, we would like to report another vulnerability named multiOverflow that afflicts dozens of ERC20-based smart contracts. Our investigation shows that multiOverflow is another integer overflow bug which is similar to batchOverflow but with its own characteristics. ### Details Integer overflow has been one of most common root causes of vulnerabilities in smart contracts. The multiOverflow bug also falls in this category. ![](https://images.seebug.org/1527735503476-w331s) Figure 1: The Vulnerable Function: transferMulti() We show in Figure 1 the vulnerable function, i.e., transferMulti(). This function takes two parameters: an address array, _to, for naming receivers and an uint256 array, _value, for holding the amount transferring to each receiver. In line 250, we notice that amount is calculated by adding the product of _value and 10 to the power of decimal (set as 8 in the contract constructor). Obviously, this could be an integer overflow case because the sanity check in line 252 can be easily bypassed. To demonstrate, we craft a proof-of-concept with following parameters: 1. _to * 0x93995bc9db9ae7af4f969400012c6fe94c93f761 * 0x0c2a5f9a88bf2467f0b90e80e263e6c25daed62d 2. _value * 0x15798ee2308c39df9fb841a566d74f87a7a9a7aeb02c2d2f8e0d1e768e * 0x15798ee2308c39df9fb841a566d74f87a7a9a7aeb02c2d2f8e0d1e768e Since there’re two receivers, the loop in line 249-251 would be iterated twice. The execution proceeds as follows: ``` Iteration 1 amount += _value[0]*10**uint256(decimals); ==> amount += 0x15798ee2308c39df9fb841a566d74f87a7a9a7aeb02c2d2f8e0d1e768e * 100,000,000 (line 250) Iteration 2 amount += _value[1]*10**uint256(decimals); ==> amount += 0x15798ee2308c39df9fb841a566d74f87a7a9a7aeb02c2d2f8e0d1e768e * 100,000,000 (line 250) ``` Now, amount is overflowed successfully to 0x10000000000000000000000000000000000000000000000000000000004319c00 which equals to 0x4319c00 in uint256 format. As long as the attacker has enough tokens, i.e., balanceOf[msg.sender] >= 0x4319c00, each receiver will receive a tremendous number of tokens — 0x800000000000000000000000000000000000000000000000000000000218ce00. The following figure demonstrates a successful attack which proves our theory: ![](https://images.seebug.org/1527735546757-w331s) Figure 2: A multiOverflow-Exploiting POC ### Affected Tokens The multiOverflow bug is of the same nature of other integer overflow vulnerabilities (e.g., batchOverflow and proxyOverflow) and could cause similar damages. When analyzing deployed smart contracts, we find a few are affected. A particular example token is [SCA](https://etherscan.io/address/0xb75a5e36cc668bc8fe468e8f272cd4a0fd0fd773), which is deployed by [SocialChain](http://www.social-chain.io/index.html) (a blockchain startup focusing on entertainment and leisure industries). SCA is currently in the pre-sale stage, which means a successful multiOverflow attack can wreak havoc and cause serious financial loss to the company. Upon the detection, we immediately contacted SocialChain and provided them with vulnerability details and necessary technical supports. The SCA team promptly responded to our notification and took actions to fix the problem actively. As of the time publishing this blog, a new smart contract with the multiOverflow bug fixed has been deployed while all addresses holding SCA tokens have been mapped to the new contract successfully. We applaud the team’s reaction and believe this is what a high-quality development team should behave! ### Conclusion As cryptocurrency is getting acceptable to the public, a popular way for entrepreneurs to raise funds is to issue tokens. Compare to prosperity of various tokens, security in blockchain is still at a primitive stage. As indicated in recent discovery of various smart contract vulnerabilities, very few (token-issuing) teams have taken the security into serious consideration before deploying their smart contracts. We believe security is essential in any blockchain-based smart contracts and any token-related businesses (including ICOs and live DAPPs). Ealier vulnerabilities such as batchOverflow and proxyOverflow have demonstrated how devastating they could be once exploited by attackers. Regarding the SocialChain case, it’s fortunate that we are ahead by identifying and fixing the bug before any multiOverflow attack, thus successfully preventing possible damage or financial loss. But always keep in mind, attackers are out there, lurking in the shadows and seeking for another chance. This would be an endless arms race!
idSSV:97320
last seen2018-06-26
modified2018-05-31
published2018-05-31
reporterMy Seebug
titleNew multiOverflow Bug Identified in Multiple ERC20 Smart Contracts (CVE-2018-10706)