Access Control Vulnerability in Loopring (LRC) Smart Contract Allows Price Manipulation
CVE-2020-35962 · HIGH Severity
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
The sellTokenForLRC function in the vault protocol in the smart contract implementation for Loopring (LRC), an Ethereum token, lacks access control for fee swapping and thus allows price manipulation.
Learn more about our Web Application Penetration Testing UK.