Main Vulnerability Database SB2021010304

SB2021010304 - Improper access control in Seal Finance (Seal)

Published: January 3, 2021

Security Bulletin ID SB2021010304

Severity

High

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Data manipulation

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Improper access control (CVE-ID: CVE-2021-3006)

The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to improper access restrictions. The breed function in the smart contract implementation for Farm in Seal Finance (Seal), an Ethereum token, lacks access control and thus allows price manipulation.

Note, the vulnerability has been exploited in the wild in December 2020 and January 2021.

Remediation

Install update from vendor's website.

References

https://blocksecteam.medium.com/security-incident-on-seal-finance-fa79c27a1c3b
https://etherscan.io/address/0x33c2da7fd5b125e629b3950f3c38d7f721d7b30d