The _deposit function in the smart contract implementation for Stable Yield Credit (yCREDIT), an Ethereum token, has certain incorrect calculations. An attacker can obtain more yCREDIT tokens than they should.
https://etherscan.io/address/0xe0839f9b9688a77924208ad509e29952dc660261
https://blocksecteam.medium.com/deposit-less-get-more-ycredit-attack-details-f589f71674c3