CVE-2021-3006

The breed function in the smart contract implementation for Farm in Seal Finance (Seal), an Ethereum token, lacks access control and thus allows...

Basic Information

CVE State: PUBLISHED
Reserved Date: January 03, 2021
Published Date: January 03, 2021
Last Updated: August 03, 2024
Vendor: n/a
Product: n/a
Description: The breed function in the smart contract implementation for Farm in Seal Finance (Seal), an Ethereum token, lacks access control and thus allows price manipulation, as exploited in the wild in December 2020 and January 2021.

CVSS Scores

CVSS v3.1

7.5 - HIGH

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

CVSS v2.0

5.0

Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

Exploit Status

Exploited in the Wild: Yes (2021-01-03 05:49:30 UTC) Source

References

https://etherscan.io/address/0x33c2da7fd5b125e629b3950f3c38d7f721d7b30d https://blocksecteam.medium.com/security-incident-on-seal-finance-fa79c27a1c3b

Known Exploited Vulnerability Information

Source	Added Date
CVE	2021-01-03 05:49:30 UTC

Timeline

CVE ID Reserved

January 03, 2021
CVE Published to Public

January 03, 2021
Added to KEVIntel

January 03, 2021