link.png

ID:

cream-finance-1136

Date:

Status:

Incident Count:

June 13, 2021

Near-Miss

3

info.png
target.png
REKT

Contributor:

chain.png

web3rekt.com

KYC By:

KYC:

None

info.png

Audit By:

Audits:

Trail of Bits

Loss Amount:

-

info.png

Recovered:

-

Rewards:

20,750

Currency:

USD

info.png

Key Indicators

Platform:

Type:

Category:

Method:

Data Sources:

Multi-chains

Protocol

Dexes

Rewards - Bug Bounties

Extended Method:

Logic error to validate whether a given user making a rewards claim had participated in their liquidity mining program from the appropriate time

info.png

Days in Operation:

0

(0.00 Years)

chain.png
chain.png
chain.png
chain.png
datasource.png

C.R.E.A.M. Finance is a decentralized lending protocol for individuals, institutions and protocols to access financial services. Part of the yearn finance ecosystem, it is a permissionless, open source and blockchain agnostic protocol serving users on Ethereum, Binance Smart Chain, Polygon and Fantom

Azeem, Co-Founder of DeFi protocol Armor, became aware of a vulnerability in Cream Finance circulating in the wild and promptly reported it to Immunefi on June 13. The vulnerability was rated as “critical” because it allowed a malicious user to drain Cream’s liquidity mining rewards contract of approximately $100,000 in CREAM tokens, even though it had been discontinued and was not issuing new rewards.

Cream Finance has awarded Azeem with a bounty of 135 CREAM, which was 20% of the contract’s TVL at the time of the report. The current market rate of that bounty comes out to $20,750.

Cream Finance formerly had a liquidity mining rewards contract that they recently discontinued prior to the reporting of the vulnerability. The liquidity program allowed users to accrue CREAM tokens as mining rewards for depositing or borrowing using the protocol.

info.png

DISCLAIMER: While web3rekt has used the best efforts in aggregating and maintaining this database, this web site makes no representations or warranties with respect to the accuracy or completeness of its information and data herein, and specifically disclaim any implied warranties of merchantability or fitness for any particular purpose. 

Under no circumstances, shall web3rekt be liable for any loss of profit or funds, any regulatory or governmental penalties, any legal costs, or any other commercial and non-commercial damages, including but not limited to special, incidental, consequential, or other damages from any or all usage of the data and information derived from this database.