H1DR4 case preview
SmartMesh proxyOverflow (CVE-2018-10376) clone family: MeshBox & M2C carry the identical transferProxy overflow; UET transferFrom comparison inversion
Read-only static-analysis pass over the April-2018 integer-overflow ERC20 cohort surfaces a verifiable, under-documented finding: MeshBox (MESH, 0x01F2AcF2914860331C1Cb1a9AcecDa7475e06Af8) and M2C Mesh Network (MTC, 0x8febf7551eea6ce499f96537ae0e2075c5a7301a) ship a BYTE-IDENTICAL clone of the SmartMesh (SMT) transferProxy() function that carries proxyOverflow / CVE-2018-10376. The guard if (balances[ from] < fee + value) revert(); sums two caller-supplied uint256 values with a raw '+'. Choosing value and fee so that fee + value overflows 2^256 makes the sum wrap below balances[ from], the guard passes, and the subsequent balances[ to] += value / balances[msg.sender] += fee credit tokens th...
2 tips
$0 linked rewards
OPEN