Vulnerability Details : CVE-2021-3004
Potential exploit
The _deposit function in the smart contract implementation for Stable Yield Credit (yCREDIT), an Ethereum token, has certain incorrect calculations. An attacker can obtain more yCREDIT tokens than they should.
Products affected by CVE-2021-3004
- cpe:2.3:a:stableyieldcredit_project:stableyieldcredit:-:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2021-3004
0.21%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 41 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2021-3004
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
5.0
|
MEDIUM | AV:N/AC:L/Au:N/C:N/I:P/A:N |
10.0
|
2.9
|
NIST | |
|
7.5
|
HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N |
3.9
|
3.6
|
NIST |
CWE ids for CVE-2021-3004
-
The product performs a calculation that generates incorrect or unintended results that are later used in security-critical decisions or resource management.Assigned by: nvd@nist.gov (Primary)
References for CVE-2021-3004
-
https://etherscan.io/address/0xe0839f9b9688a77924208ad509e29952dc660261
Attention Required! | CloudflareThird Party Advisory
-
https://blocksecteam.medium.com/deposit-less-get-more-ycredit-attack-details-f589f71674c3
Deposit Less, Get More: yCREDIT Attack Details | by BlockSecTeam | Jan, 2021 | MediumExploit;Third Party Advisory
Jump to