exploitDog

CVE-2021-3004

Опубликовано: 03 янв. 2021

Источник: nvd

CVSS3: 7.5

CVSS2: 5

EPSS Низкий

Описание

The _deposit function in the smart contract implementation for Stable Yield Credit (yCREDIT), an Ethereum token, has certain incorrect calculations. An attacker can obtain more yCREDIT tokens than they should.

Ссылки

https://blocksecteam.medium.com/deposit-less-get-more-ycredit-attack-details-f589f71674c3
Exploit
Third Party Advisory
https://etherscan.io/address/0xe0839f9b9688a77924208ad509e29952dc660261
Third Party Advisory
https://blocksecteam.medium.com/deposit-less-get-more-ycredit-attack-details-f589f71674c3
Exploit
Third Party Advisory
https://etherscan.io/address/0xe0839f9b9688a77924208ad509e29952dc660261
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:stableyieldcredit_project:stableyieldcredit:-:*:*:*:*:*:*:*

EPSS

Процентиль: 44%

0.00213

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-682

Связанные уязвимости

GHSA-vw53-rmxx-2xmr

github

больше 3 лет назад

The _deposit function in the smart contract implementation for Stable Yield Credit (yCREDIT), an Ethereum token, has certain incorrect calculations. An attacker can obtain more yCREDIT tokens than they should.

EPSS

Процентиль: 44%

0.00213

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-682