exploitDog

CVE-2020-35962

Опубликовано: 03 янв. 2021

Источник: nvd

CVSS3: 7.5

CVSS2: 5

EPSS Низкий

Описание

The sellTokenForLRC function in the vault protocol in the smart contract implementation for Loopring (LRC), an Ethereum token, lacks access control for fee swapping and thus allows price manipulation.

Ссылки

https://blocksecteam.medium.com/loopring-lrc-protocol-incident-66e9470bd51f
Exploit
Third Party Advisory
https://etherscan.io/address/0x4b89f8996892d137c3de1312d1dd4e4f4ffca171
Third Party Advisory
https://blocksecteam.medium.com/loopring-lrc-protocol-incident-66e9470bd51f
Exploit
Third Party Advisory
https://etherscan.io/address/0x4b89f8996892d137c3de1312d1dd4e4f4ffca171
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:loopring:loopring:-:*:*:*:*:*:*:*

EPSS

Процентиль: 44%

0.00213

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

NVD-CWE-noinfo

Связанные уязвимости

GHSA-q868-35f4-p658

github

больше 3 лет назад

The sellTokenForLRC function in the vault protocol in the smart contract implementation for Loopring (LRC), an Ethereum token, lacks access control for fee swapping and thus allows price manipulation.

EPSS

Процентиль: 44%

0.00213

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

NVD-CWE-noinfo