Vulnerability: Cross-Token Replay Attack in SmartMesh (SMT) Smart Contract Implementation

Vulnerability: Cross-Token Replay Attack in SmartMesh (SMT) Smart Contract Implementation

CVE-2018-10769 · MEDIUM Severity

AV:N/AC:L/AU:N/C:N/I:P/A:N

The transferProxy and approveProxy functions of a smart contract implementation for SmartMesh (SMT), an Ethereum ERC20 token, allow attackers to accomplish an unauthorized transfer of digital assets because replay attacks can occur with the same-named functions (with the same signatures) in other tokens: First (FST), GG Token (GG), M2C Mesh Network (MTC), M2C Mesh Network (mesh), and UG Token (UGT).

Learn more about our Network Penetration Testing.