4 matches found
Cyber Risk Prioritization: A Practical Guide
For years, security teams have relied on static scores like CVSS to guide their patching efforts. While helpful, these scores only tell part of the story. They show a vulnerability's potential severity but lack the real-world context of what attackers are actually doing right now. A theoretical...
Chainlink oracle will return the wrong price for asset if underlying aggregator hits minAnswer / max answer
Lines of code Vulnerability details Impact Chainlink oracle will return the wrong price for asset if underlying aggregator hits minAnswer / max answer and the deposit asset can be wrongly valued, leads to overborrowing Proof of Concept Chainlink aggregators have a built in circuit breaker if the...
Historic data being requested as a part of MochiVault.withdraw and borrow functions can be outdated, so a user can avoid historic data update with sending old piece of _data
Handle hyh Vulnerability details Impact Asking to provide historic data proof doesn't imply that pricing is current, a malicious user can wait for market volatility and do deposit/borrow sequence with outdated price, borrowing more than current market value of supplied assets for example, suppose...
Seven Security Strategies, Summarized
This is the sort of story that starts as a comment on Twitter, then becomes a blog post when I realize I can't fit all the ideas into one or two Tweets. You know how much I hate Tweet threads, and how I encourage everyone to capture deep thoughts in blog posts! In the interest of capturing the...