CVE-2021-3004

{"id": "CVE-2021-3004", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2021-01-03T04:15:12.263", "references": [{"url": "https://blocksecteam.medium.com/deposit-less-get-more-ycredit-attack-details-f589f71674c3", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://etherscan.io/address/0xe0839f9b9688a77924208ad509e29952dc660261", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-682"}]}], "descriptions": [{"lang": "en", "value": "The _deposit function in the smart contract implementation for Stable Yield Credit (yCREDIT), an Ethereum token, has certain incorrect calculations. An attacker can obtain more yCREDIT tokens than they should."}, {"lang": "es", "value": "La funci\u00f3n _deposit en la implementaci\u00f3n del contrato inteligente para Stable Yield Credit (yCREDIT), un token de Ethereum, presenta determinados c\u00e1lculos incorrectos. Un atacante puede obtener m\u00e1s tokens yCREDIT de los que deber\u00eda."}], "lastModified": "2021-01-07T20:52:44.637", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:stableyieldcredit_project:stableyieldcredit:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "36D96995-BA15-47CD-BD6A-4CD8B0B4773C"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}