Vulnerability Details CVE-2021-3004
The _deposit function in the smart contract implementation for Stable Yield Credit (yCREDIT), an Ethereum token, has certain incorrect calculations. An attacker can obtain more yCREDIT tokens than they should.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 43.6%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 5.0
References
- https://blocksecteam.medium.com/deposit-less-get-more-ycredit-attack-details-f589f71674c3
- https://etherscan.io/address/0xe0839f9b9688a77924208ad509e29952dc660261
- https://blocksecteam.medium.com/deposit-less-get-more-ycredit-attack-details-f589f71674c3
- https://etherscan.io/address/0xe0839f9b9688a77924208ad509e29952dc660261
Products affected by CVE-2021-3004
-
cpe:2.3:a:stableyieldcredit_project:stableyieldcredit:-