CVE-2020-35962
Description
The sellTokenForLRC function in the vault protocol in the smart contract implementation for Loopring (LRC), an Ethereum token, lacks access control for fee swapping and thus allows price manipulation.
- CVSS Version 3.1
- CVSS Version 2.0
nvd
CVE ID: CVE-2020-35962
Base Score: 7.5
Base Severity: HIGH
Vector String:CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Impact Score: 3.6
Exploitability Score: 3.9
nvd
CVE ID: CVE-2020-35962
Base Score: 5.0
Base Severity: MEDIUM
Vector String:AV:N/AC:L/Au:N/C:N/I:P/A:N
Refrence: NVD