PT-2021-11885 · Loopring · Loopring

Published

2021-01-03

Updated

2021-07-21

CVE-2020-35962

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions: Loopring (LRC) (affected versions not specified)

Description: The issue concerns a lack of access control in the sellTokenForLRC function within the vault protocol of the Loopring smart contract implementation. This lack of control allows for price manipulation due to unregulated fee swapping.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2020-35962

Affected Products

Loopring

PT-2021-11885 · Loopring · Loopring

CVE-2020-35962

Related Identifiers

Affected Products

References · 4