CVE-2021-3004

high

Description

The _deposit function in the smart contract implementation for Stable Yield Credit (yCREDIT), an Ethereum token, has certain incorrect calculations. An attacker can obtain more yCREDIT tokens than they should.

References

https://etherscan.io/address/0xe0839f9b9688a77924208ad509e29952dc660261

https://blocksecteam.medium.com/deposit-less-get-more-ycredit-attack-details-f589f71674c3

Details

Source: Mitre, NVD

Published: 2021-01-03

Updated: 2026-06-17

Risk Information

CVSS v2

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 7.5

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Severity: High

EPSS

EPSS: 0.00213