BAFC Smart Contract Vulnerability: Unauthorized Ownership Transfer via UBSexToken() Function

BAFC Smart Contract Vulnerability: Unauthorized Ownership Transfer via UBSexToken() Function

CVE-2018-19830 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

The UBSexToken() function of a smart contract implementation for Business Alliance Financial Circle (BAFC), an tradable Ethereum ERC20 token, allows attackers to change the owner of the contract, because the function is public (by default) and does not check the caller's identity.

Learn more about our Web Application Penetration Testing UK.