CVE-2021-3004
7.5 HIGHThe _deposit function in the smart contract implementation for Stable Yield Credit (yCREDIT), an Ethereum token, has certain incorrect ca...
Published: 2021-01-03 · Last updated: 2026-06-17
Severity and scoring
- CVSS
- 7.5 HIGH
- Vector
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
- CWE
- CWE-682
Affected products
| Vendor | Product |
|---|---|
| stableyieldcredit_project | stableyieldcredit |
Description
The _deposit function in the smart contract implementation for Stable Yield Credit (yCREDIT), an Ethereum token, has certain incorrect calculations. An attacker can obtain more yCREDIT tokens than they should.
Source: NVD
References
- [NVD]https://nvd.nist.gov/vuln/detail/CVE-2021-3004
- [Exploit reference]https://blocksecteam.medium.com/deposit-less-get-more-ycredit-attack-details-f589f71674c3
- [Other]https://etherscan.io/address/0xe0839f9b9688a77924208ad509e29952dc660261
- [Exploit reference]https://blocksecteam.medium.com/deposit-less-get-more-ycredit-attack-details-f589f71674c3
- [Other]https://etherscan.io/address/0xe0839f9b9688a77924208ad509e29952dc660261
Related CVEs
Same CWE
- CVE-2026-44074 — Netatalk 2.1.0 through 4.4.2 combines multiple errno values using bitwise OR, resulting in incorrect error codes when multiple error cond... (3.7 LOW)
- CVE-2026-7836 — An incorrect calculation in the hextoint macro in Netatalk 2.0.0 through 4.4.2 due to improper uppercase character handling allows a remo... (3.1 LOW)
- CVE-2023-7346 — Ledger Bitcoin app versions 2.1.0 and 2.1.1 contain an address derivation vulnerability that allows attackers to cause incorrect Bitcoin ... (4.0 MEDIUM)
- CVE-2025-5372 — A flaw was found in libssh versions built with OpenSSL versions older than 3.0, specifically in the ssh_kdf() function responsible for ke... (5.0 MEDIUM)
- CVE-2021-41122 — Vyper is a Pythonic Smart Contract Language for the EVM (4.3 MEDIUM)