Incorrect Calculation in yCREDIT Smart Contract Allows for Token Manipulation

Incorrect Calculation in yCREDIT Smart Contract Allows for Token Manipulation

CVE-2021-3004 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

The _deposit function in the smart contract implementation for Stable Yield Credit (yCREDIT), an Ethereum token, has certain incorrect calculations. An attacker can obtain more yCREDIT tokens than they should.

Learn more about our Web Application Penetration Testing UK.