The approveAndCallcode function of a smart contract implementation for Globalvillage ecosystem (GVE), an Ethereum ERC20 token, allows attackers to steal assets (e.g., transfer the contract's balances into their account) because the callcode (i.e., _spender.call(_extraData)) is not verified, aka the "evilReflex" issue. NOTE: a PeckShield disclosure states "some researchers have independently discussed the mechanism of such vulnerability."
Add your gear to cvedb and we'll alert you only when gve ships something exploited.
Check my exposure →This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.