CVE-2021-3004

HIGH

Stable Yield Credit - Info Disclosure

Title source: llm

Description

The _deposit function in the smart contract implementation for Stable Yield Credit (yCREDIT), an Ethereum token, has certain incorrect calculations. An attacker can obtain more yCREDIT tokens than they should.

References (2)

[Exploit, Third Party Advisory] https://blocksecteam.medium.com/deposit-less-get-more-ycredit-attack-details-f589f71674c3

[Third Party Advisory] https://etherscan.io/address/0xe0839f9b9688a77924208ad509e29952dc660261

Scores

CVSS v3 7.5

EPSS 0.0021

EPSS Percentile 43.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Classification

CWE

CWE-682

Status published

Affected Products (1)

stableyieldcredit_project/stableyieldcredit

Timeline

Published Jan 03, 2021

Tracked Since Feb 18, 2026