CVE Vulnerability

CVE-2021-3006

The breed function in the smart contract implementation for Farm in Seal Finance (Seal), an Ethereum token, lacks access control and thus allows price manipulation, as exploited in the wild in December 2020 and January 2021.

5 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 10 / Impact : 2.9

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

Scope

7.5 /10

CVSS v3.0 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://blocksecteam.medium.com/security-incident-on-seal-finance-fa79c27a1c3b Exploit Third Party Advisory
https://etherscan.io/address/0x33c2da7fd5b125e629b3950f3c38d7f721d7b30d Third Party Advisory
Configurations

Configuration 1

cpe:2.3:a:seal_finance_project:seal_finance:-:*:*:*:*:*:*:*
Information

Published : 2021-01-03 06:15

Updated : 2022-07-12 05:42

NVD link : CVE-2021-3006

Mitre link : CVE-2021-3006

Products Affected
No products.
CWE
NVD-CWE-Other