CVE-2018-10769 - OpenCVE

The transferProxy and approveProxy functions of a smart contract implementation for SmartMesh (SMT), an Ethereum ERC20 token, allow attackers to accomplish an unauthorized transfer of digital assets because replay attacks can occur with the same-named functions (with the same signatures) in other tokens: First (FST), GG Token (GG), M2C Mesh Network (MTC), M2C Mesh Network (mesh), and UG Token (UGT).

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:L/Au:N/C:N/I:P/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
First Project	First
Gg Token Project	Gg Token
Mesh Project	Mesh
Mtc Project	Mtc
Smartmesh Project	Smartmesh
Ugtoken Project	Ugtoken

Configuration 1 [-]

cpe:2.3:a:smartmesh_project:smartmesh:-:*:*:*:*:*:*:*

Configuration 2 [-]

cpe:2.3:a:ugtoken_project:ugtoken:-:*:*:*:*:*:*:*

Configuration 3 [-]

cpe:2.3:a:gg_token_project:gg_token:-:*:*:*:*:*:*:*

Configuration 4 [-]

cpe:2.3:a:first_project:first:-:*:*:*:*:*:*:*

Configuration 5 [-]

cpe:2.3:a:mtc_project:mtc:-:*:*:*:*:*:*:*

Configuration 6 [-]

cpe:2.3:a:mesh_project:mesh:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://github.com/nkbai/defcon26/blob/master/docs/Replay%20Attacks%20on%20Ethereum%20Smart%20Contracts.md
https://lists.apache.org/thread.html/940b4c3fef002461b89a050935337056d4a036a65ef68e0bbd4621ef%40%3Cdev.struts.apache.org%3E

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2018-08-10T15:00:00

Updated: 2024-08-05T07:46:46.626Z

Reserved: 2018-05-06T00:00:00

Link: CVE-2018-10769

Vulnrichment

No data.

NVD

Status : Modified

Published: 2018-08-10T15:29:00.237

Modified: 2023-11-07T02:51:32.420

Link: CVE-2018-10769

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2018-08-08T00:00:00", "descriptions": [{"lang": "en", "value": "The transferProxy and approveProxy functions of a smart contract implementation for SmartMesh (SMT), an Ethereum ERC20 token, allow attackers to accomplish an unauthorized transfer of digital assets because replay attacks can occur with the same-named functions (with the same signatures) in other tokens: First (FST), GG Token (GG), M2C Mesh Network (MTC), M2C Mesh Network (mesh), and UG Token (UGT)."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-09-08T10:06:07", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://github.com/nkbai/defcon26/blob/master/docs/Replay%20Attacks%20on%20Ethereum%20Smart%20Contracts.md"}, {"name": "[struts-dev] 20190908 Build failed in Jenkins: Struts-master-JDK8-dependency-check #204", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/940b4c3fef002461b89a050935337056d4a036a65ef68e0bbd4621ef%40%3Cdev.struts.apache.org%3E"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-10769", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The transferProxy and approveProxy functions of a smart contract implementation for SmartMesh (SMT), an Ethereum ERC20 token, allow attackers to accomplish an unauthorized transfer of digital assets because replay attacks can occur with the same-named functions (with the same signatures) in other tokens: First (FST), GG Token (GG), M2C Mesh Network (MTC), M2C Mesh Network (mesh), and UG Token (UGT)."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://github.com/nkbai/defcon26/blob/master/docs/Replay%20Attacks%20on%20Ethereum%20Smart%20Contracts.md", "refsource": "MISC", "url": "https://github.com/nkbai/defcon26/blob/master/docs/Replay%20Attacks%20on%20Ethereum%20Smart%20Contracts.md"}, {"name": "[struts-dev] 20190908 Build failed in Jenkins: Struts-master-JDK8-dependency-check #204", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/940b4c3fef002461b89a050935337056d4a036a65ef68e0bbd4621ef@%3Cdev.struts.apache.org%3E"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T07:46:46.626Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/nkbai/defcon26/blob/master/docs/Replay%20Attacks%20on%20Ethereum%20Smart%20Contracts.md"}, {"name": "[struts-dev] 20190908 Build failed in Jenkins: Struts-master-JDK8-dependency-check #204", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/940b4c3fef002461b89a050935337056d4a036a65ef68e0bbd4621ef%40%3Cdev.struts.apache.org%3E"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-10769", "datePublished": "2018-08-10T15:00:00", "dateReserved": "2018-05-06T00:00:00", "dateUpdated": "2024-08-05T07:46:46.626Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:smartmesh_project:smartmesh:-:*:*:*:*:*:*:*", "matchCriteriaId": "B6986ACD-1B81-42DE-956A-83E83D025521", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ugtoken_project:ugtoken:-:*:*:*:*:*:*:*", "matchCriteriaId": "B339C7C0-B6B9-4DCA-AD78-7BC8B6463F22", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:gg_token_project:gg_token:-:*:*:*:*:*:*:*", "matchCriteriaId": "90E53223-A11C-456D-BA04-8E438B5FC593", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:first_project:first:-:*:*:*:*:*:*:*", "matchCriteriaId": "54D67528-5A85-4EB0-8938-0756BEC62D5E", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mtc_project:mtc:-:*:*:*:*:*:*:*", "matchCriteriaId": "5780CA95-8F7D-48F6-B3E4-AE508AAA8563", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mesh_project:mesh:-:*:*:*:*:*:*:*", "matchCriteriaId": "111835EF-6FB4-454E-A84C-6A32C3FB97F5", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The transferProxy and approveProxy functions of a smart contract implementation for SmartMesh (SMT), an Ethereum ERC20 token, allow attackers to accomplish an unauthorized transfer of digital assets because replay attacks can occur with the same-named functions (with the same signatures) in other tokens: First (FST), GG Token (GG), M2C Mesh Network (MTC), M2C Mesh Network (mesh), and UG Token (UGT)."}, {"lang": "es", "value": "Las funciones transferProxy y approveProxy de una implementaci\u00f3n de contrato inteligente para SmartMesh (SMT), un token de Ethereum ERC20, permiten que los atacantes logren una transferencia de activos digitales no autorizada debido a que los ataques de reproducci\u00f3n pueden ocurrir con las funciones del mismo nombre (con las mismas firmas) en otros tokens: First (FST), GG Token (GG), M2C Mesh Network (MTC), M2C Mesh Network (mesh) y UG Token (UGT)."}], "id": "CVE-2018-10769", "lastModified": "2023-11-07T02:51:32.420", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-08-10T15:29:00.237", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/nkbai/defcon26/blob/master/docs/Replay%20Attacks%20on%20Ethereum%20Smart%20Contracts.md"}, {"source": "cve@mitre.org", "url": "https://lists.apache.org/thread.html/940b4c3fef002461b89a050935337056d4a036a65ef68e0bbd4621ef%40%3Cdev.struts.apache.org%3E"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}