Vulnerability Details : CVE-2021-3006
The breed function in the smart contract implementation for Farm in Seal Finance (Seal), an Ethereum token, lacks access control and thus allows price manipulation, as exploited in the wild in December 2020 and January 2021.
Products affected by CVE-2021-3006
- cpe:2.3:a:seal_finance_project:seal_finance:-:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2021-3006
0.09%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 38 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2021-3006
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0
|
MEDIUM | AV:N/AC:L/Au:N/C:N/I:P/A:N |
10.0
|
2.9
|
NIST | |
7.5
|
HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N |
3.9
|
3.6
|
NIST |
References for CVE-2021-3006
-
https://etherscan.io/address/0x33c2da7fd5b125e629b3950f3c38d7f721d7b30d
Attention Required! | CloudflareThird Party Advisory
-
https://blocksecteam.medium.com/security-incident-on-seal-finance-fa79c27a1c3b
Security incident on Seal Finance | by BlockSecTeam | Jan, 2021 | MediumExploit;Third Party Advisory
Jump to