#VU49214 Improper access control in Seal Finance - CVE-2021-3006
Published: January 3, 2021 / Updated: January 3, 2021
Vulnerability identifier: #VU49214
Vulnerability risk: High
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:A/U:Amber
CVE-ID: CVE-2021-3006
CWE-ID: CWE-284
Exploitation vector: Remote access
Exploit availability:
The vulnerability is being exploited in the wild
Vulnerable software:
Seal Finance
Seal Finance
Software vendor:
Seal Finance
Seal Finance
Description
The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to improper access restrictions. The breed function in the smart contract implementation for Farm in Seal Finance (Seal), an Ethereum token, lacks access control and thus allows price manipulation.
Note, the vulnerability has been exploited in the wild in December 2020 and January 2021.
Remediation
Install updates from vendor's website.