SB2021010305 - Security restrictions bypass in Stable Yield Credit (yCREDIT)

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2021010305

SB2021010305 - Security restrictions bypass in Stable Yield Credit (yCREDIT)

Published: January 3, 2021

Security Bulletin ID SB2021010305
CSH Severity
High
Patch available
YES
Number of vulnerabilities 1
Exploitation vector Remote access
Highest impact Data manipulation

Breakdown by Severity

High 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 1 vulnerability.


1) Incorrect calculation (CVE-ID: CVE-2021-3004)

CWE-ID: CWE-682 - Incorrect Calculation

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:A/U:Amber


The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to incorrect calculation performed by the application. The _deposit function in the smart contract implementation for Stable Yield Credit (yCREDIT), an Ethereum token, has certain incorrect calculations. An attacker can obtain more yCREDIT tokens than they should.

Note, the vulnerability has been exploited in the wild in January 2021.


Remediation

Install update from vendor's website.

References