CVE-2021-3006 Information

Description

The breed function in the smart contract implementation for Farm in Seal Finance (Seal) an Ethereum token lacks access control and thus allows price manipulation as exploited in the wild in December 2020 and January 2021.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Reference

https://blocksecteam.medium.com/security-incident-on-seal-finance-fa79c27a1c3b https://etherscan.io/address/0x33c2da7fd5b125e629b3950f3c38d7f721d7b30d

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

NONE

Availability Impact

HIGH

Base Score

NONE

Base Severity

7.5