CVE-2020-35962

CVE-2020-35962

EPSS 1.3%

The sellTokenForLRC function in the vault protocol in the smart contract implementation for Loopring (LRC), an Ethereum token, lacks access control for fee swapping and thus allows price manipulation.

Affected products

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://blocksecteam.medium.com/loopring-lrc-protocol-incident-66e9470bd51f https://etherscan.io/address/0x4b89f8996892d137c3de1312d1dd4e4f4ffca171