On July 8th, 2018, John Wick Security Lab revealed highly risky transactions in AMMBR(AMR) contract. It contains an integer overflow bug that could be made use of by hackers calling batchTransfer(), resulting in transferring out tokens without limits.

After reviewing source code, SECBIT team has found that this issue paralleled with the former BEC Token issue [1]. A variable named totalTokensToTransfer in multiTransfer() stands for the sum of tokens transferred out, which is computed by summing up all tokens[i] , and the contract checks if the balance exceeds totalTokensToTransfer .