Critical Vulnerability: Unauthenticated Ownership Transfer in BOMBBA (BOMB) Smart Contract

Critical Vulnerability: Unauthenticated Ownership Transfer in BOMBBA (BOMB) Smart Contract

CVE-2018-19834 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

The quaker function of a smart contract implementation for BOMBBA (BOMB), an tradable Ethereum ERC20 token, allows attackers to change the owner of the contract, because the function does not check the caller's identity.

Learn more about our Web Application Penetration Testing UK.