CVE-2018-19831

The ToOwner() function of a smart contract implementation for Cryptbond Network (CBN), an tradable Ethereum ERC20 token, allows attackers to change the owner of the contract, because the function does not check the caller's identity.
Configurations

Configuration 1 (hide)

cpe:2.3:a:cryptbond_network_project:cryptbond_network:-:*:*:*:*:*:*:*

History

21 Nov 2024, 03:58

Type Values Removed Values Added
References () https://github.com/SmartContractResearcher/SmartContractSecurity/blob/master/New%20Vulnerabilities%20Allow%20Anyone%20to%20Own%20Certain%20ERC20-Based%20Smart%20Contracts%28CVE-2018-19830%2C%20CVE-2018-19831%2C%20CVE-2018-19832%2C%20CVE-2018-19833%2C%20CVE-2018-19834%29/README.md - () https://github.com/SmartContractResearcher/SmartContractSecurity/blob/master/New%20Vulnerabilities%20Allow%20Anyone%20to%20Own%20Certain%20ERC20-Based%20Smart%20Contracts%28CVE-2018-19830%2C%20CVE-2018-19831%2C%20CVE-2018-19832%2C%20CVE-2018-19833%2C%20CVE-2018-19834%29/README.md -

07 Nov 2023, 02:55

Type Values Removed Values Added
References
  • {'url': 'https://github.com/SmartContractResearcher/SmartContractSecurity/blob/master/New%20Vulnerabilities%20Allow%20Anyone%20to%20Own%20Certain%20ERC20-Based%20Smart%20Contracts(CVE-2018-19830%2C%20CVE-2018-19831%2C%20CVE-2018-19832%2C%20CVE-2018-19833%2C%20CVE-2018-19834)/README.md', 'name': 'https://github.com/SmartContractResearcher/SmartContractSecurity/blob/master/New%20Vulnerabilities%20Allow%20Anyone%20to%20Own%20Certain%20ERC20-Based%20Smart%20Contracts(CVE-2018-19830%2C%20CVE-2018-19831%2C%20CVE-2018-19832%2C%20CVE-2018-19833%2C%20CVE-2018-19834)/README.md', 'tags': ['Exploit', 'Third Party Advisory'], 'refsource': 'MISC'}
  • () https://github.com/SmartContractResearcher/SmartContractSecurity/blob/master/New%20Vulnerabilities%20Allow%20Anyone%20to%20Own%20Certain%20ERC20-Based%20Smart%20Contracts%28CVE-2018-19830%2C%20CVE-2018-19831%2C%20CVE-2018-19832%2C%20CVE-2018-19833%2C%20CVE-2018-19834%29/README.md -

Information

Published : 2019-12-31 16:15

Updated : 2024-11-21 03:58


NVD link : CVE-2018-19831

Mitre link : CVE-2018-19831

CVE.ORG link : CVE-2018-19831


JSON object : View

Products Affected

cryptbond_network_project

  • cryptbond_network
CWE
CWE-287

Improper Authentication