Description
The _deposit function in the smart contract implementation for Stable Yield Credit (yCREDIT), an Ethereum token, has certain incorrect calculations. An attacker can obtain more yCREDIT tokens than they should.
References (2)
Core 2
Core References
Exploit, Third Party Advisory x_refsource_misc
https://blocksecteam.medium.com/deposit-less-get-more-ycredit-attack-details-f589f71674c3
Third Party Advisory x_refsource_misc
https://etherscan.io/address/0xe0839f9b9688a77924208ad509e29952dc660261
Scores
CVSS v3
7.5
EPSS
0.0126
EPSS Percentile
65.7%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Details
CWE
CWE-682
Status
published
Products (1)
stableyieldcredit_project/stableyieldcredit
Published
Jan 03, 2021
Tracked Since
Feb 18, 2026