CVE-2021-3006 — HIGH (7.5) — White Hats Nepal

Vulnerability Description

The breed function in the smart contract implementation for Farm in Seal Finance (Seal), an Ethereum token, lacks access control and thus allows price manipulation, as exploited in the wild in December 2020 and January 2021.

CVSS Score

7.5

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

HIGH

Availability

NONE

Affected Products

Vendor	Product	Versions
Seal Finance Project	Seal Finance	-

References

https://blocksecteam.medium.com/security-incident-on-seal-finance-fa79c27a1c3bExploitThird Party Advisory
https://etherscan.io/address/0x33c2da7fd5b125e629b3950f3c38d7f721d7b30dThird Party Advisory
https://blocksecteam.medium.com/security-incident-on-seal-finance-fa79c27a1c3bExploitThird Party Advisory
https://etherscan.io/address/0x33c2da7fd5b125e629b3950f3c38d7f721d7b30dThird Party Advisory

FAQ

What is CVE-2021-3006?

CVE-2021-3006 is a vulnerability with a CVSS score of 7.5 (HIGH). The breed function in the smart contract implementation for Farm in Seal Finance (Seal), an Ethereum token, lacks access control and thus allows price manipulation, as exploited in the wild in Decembe...

How severe is CVE-2021-3006?

CVE-2021-3006 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2021-3006?

Check the references section above for vendor advisories and patch information. Affected products include: Seal Finance Project Seal Finance.