Access Control Vulnerability in Loopring (LRC) Smart Contract Allows Price Manipulation

Access Control Vulnerability in Loopring (LRC) Smart Contract Allows Price Manipulation

CVE-2020-35962 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

The sellTokenForLRC function in the vault protocol in the smart contract implementation for Loopring (LRC), an Ethereum token, lacks access control for fee swapping and thus allows price manipulation.

Learn more about our Web Application Penetration Testing UK.