Lucene search

[email protected]NVD:CVE-2021-3004

HistoryJan 03, 2021 - 4:15 a.m.

CVE-2021-3004

2021-01-0304:15:12

CWE-682

[email protected]

web.nvd.nist.gov

smart contract

incorrect calculations

ycredit tokens

ethereum

vulnerability

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

EPSS

0.001

Percentile

38.8%

JSON

The _deposit function in the smart contract implementation for Stable Yield Credit (yCREDIT), an Ethereum token, has certain incorrect calculations. An attacker can obtain more yCREDIT tokens than they should.

Affected configurations

Nvd

Node

stableyieldcredit_projectstableyieldcreditMatch-

VendorProductVersionCPE
stableyieldcredit_projectstableyieldcredit-cpe:2.3:a:stableyieldcredit_project:stableyieldcredit:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
stableyieldcredit_project	stableyieldcredit	-	cpe:2.3:a:stableyieldcredit_project:stableyieldcredit:-:::::::*

References

blocksecteam.medium.com/deposit-less-get-more-ycredit-attack-details-f589f71674c3

etherscan.io/address/0xe0839f9b9688a77924208ad509e29952dc660261

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

EPSS

0.001

Percentile

38.8%

JSON

Related for NVD:CVE-2021-3004

cve1 prion1 cvelist1