CVE-2025-57247
BaseFortify
Publication date: 2025-10-06
Last updated on: 2025-10-08
Assigner: MITRE
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| batbtoken | smart_contract | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-284 | The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor. |
AI Powered Q&A
Can you explain this vulnerability to me?
The vulnerability in the BATBToken smart contract is due to incorrect access control in whitelist management functions. Specifically, the setColdWhiteList() and setSpecialAddress() functions are public without proper access restrictions, allowing any user to bypass transfer restrictions and manipulate special address settings. This means unauthorized users can circumvent cold time transfer limits and interfere with dividend distribution, leading to privilege escalation and breaking the intended tokenomics of the contract.
How can this vulnerability impact me?
This vulnerability can allow unauthorized users to bypass transfer restrictions and manipulate special addresses, potentially disrupting dividend distributions and escalating privileges within the token system. This could lead to financial loss, unfair token distribution, and undermining of trust in the token's intended economic model.
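A heuristic source check for the pattern described above, added here as an example (it is not BaseFortify's or the BATBToken project's code): it flags externally callable, state-changing Solidity functions that have neither a custom modifier nor a `msg.sender` check. The embedded contract is constructed; only the names `setColdWhiteList` and `setSpecialAddress` come from the advisory, while parameters, bodies and the `onlyOwner` modifier are assumptions.

```python
import re

# Constructed sample. Only the two function names come from the advisory;
# parameters, bodies and the onlyOwner modifier are assumptions.
SAMPLE = '''
contract Vulnerable {
    mapping(address => bool) coldWhiteList; mapping(address => bool) specialAddress;
    function setColdWhiteList(address a, bool ok) public { coldWhiteList[a] = ok; }
    function setSpecialAddress(address a, bool ok) public { specialAddress[a] = ok; }
}
contract Hardened {
    address owner;
    mapping(address => bool) coldWhiteList; mapping(address => bool) specialAddress;
    modifier onlyOwner() { require(msg.sender == owner, "not owner"); _; }
    function setColdWhiteList(address a, bool ok) external onlyOwner { coldWhiteList[a] = ok; }
    function setSpecialAddress(address a, bool ok) external {
        require(msg.sender == owner, "not owner");
        specialAddress[a] = ok;
    }
    function isCold(address a) public view returns (bool) { return coldWhiteList[a]; }
}
'''

CONTRACT = re.compile(r'contract\s+(\w+)[^{]*\{')
FUNC = re.compile(r'function\s+(\w+)\s*\([^)]*\)([^{;]*)\{')
BUILTIN = set("public external internal private view pure payable virtual override".split())

def block(src, start):
    """Return the brace-balanced block that opens at src[start] == '{'."""
    depth = 0
    for i in range(start, len(src)):
        depth += (src[i] == '{') - (src[i] == '}')
        if depth == 0:
            return src[start:i + 1]
    return src[start:]

def unguarded_setters(src):
    """List (contract, function) pairs that change state with no caller check."""
    hits = []
    for c in CONTRACT.finditer(src):
        cbody = block(src, c.end() - 1)
        for f in FUNC.finditer(cbody):
            # Drop the returns(...) clause, then split the header into keywords/modifiers.
            words = re.findall(r'\w+', re.sub(r'returns\s*\([^)]*\)', '', f.group(2)))
            exposed = "public" in words or "external" in words
            read_only = "view" in words or "pure" in words
            has_modifier = any(w not in BUILTIN for w in words)  # heuristic: any custom modifier
            checks_sender = "msg.sender" in block(cbody, f.end() - 1)
            if exposed and not read_only and not has_modifier and not checks_sender:
                hits.append((c.group(1), f.group(1)))
    return hits
```

A custom modifier is treated as a guard without inspecting what it enforces, so a hit is a lead for manual review and a clean result is not proof of correct access control.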