Vulnerabilities > GVE > Globalvillage Ecosystem > Medium

DATE CVE VULNERABILITY TITLE RISK
2018-06-25 CVE-2018-12702 Improper Input Validation vulnerability in GVE Globalvillage Ecosystem
The approveAndCallcode function of a smart contract implementation for Globalvillage ecosystem (GVE), an Ethereum ERC20 token, allows attackers to steal assets (e.g., transfer the contract's balances into their account) because the callcode (i.e., _spender.call(_extraData)) is not verified, aka the "evilReflex" issue.
network
low complexity
gve CWE-20
5.0