Lucene search
K

9 matches found

Code423n4
Code423n4
added 2023/11/15 12:0 a.m.14 views

DepositPool is susceptible to the inflation attack

Lines of code Vulnerability details Summary The DepositPool contract is susceptible to the Inflation Attack, in which the first depositor can be front-runned by an attacker to steal their deposit. Impact The DepositPool pool contract acts mainly as a vault: accounts deposit LST assets and get bac...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2023/11/15 12:0 a.m.12 views

getAssetPrice in ChainlinkPriceOracle.sol can return stale price.

Lines of code Vulnerability details Summary On chainlink oracle for every pair of tokens price updating time is different. After that particular time the price will be updated. getAssetPrice function is not checking when the last time the price was updated. So it may return stale price . So the...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2023/11/15 12:0 a.m.18 views

Biased rsETH price calculation in depositAsset results in lesser rsETH minted to user

Lines of code Vulnerability details Impact The LRTDepositPool acts as a simplified vault allowing restakers to transfer their liquid staked tokens and receive rsETH tokens based on the current rsETH exchange rate. rsETH are minted to user by interacting with depositAsset function of LRTDepositPoo...

7AI score
Exploits0
Code423n4
Code423n4
added 2023/07/31 12:0 a.m.7 views

setDirectPrice is vulnerable to sandwich attack

Lines of code Vulnerability details Impact In ChainlinkOracle.sol we have setDirectPrice: function setDirectPriceaddress asset, uint256 price external onlyAdmin emit PricePostedasset, pricesasset, price, price; pricesasset = price; This function setDirectPrice allows the admin...

7AI score
Exploits0
Code423n4
Code423n4
added 2021/10/27 12:0 a.m.14 views

Uniswap / Sushiswap prices can be manipulated through flashloans

Handle cmichel Vulnerability details The UniswapV2CSSR.getExchangeRatio uses the current reserve to derive the exchange ratio. The fact that it mixes in historic data does not matter because it still uses the current reserves which can be manipulated through flashloans in currentPriceCumulative...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2021/09/05 12:0 a.m.22 views

.latestRoundData() does not update the oracle - ExchangeRate.sol

Handle tensors Vulnerability details Impact The method .latestRoundData on an oracle returns the latest updated price from the oracle, but this is not the current price of an asset. To get an accurate current price you need to query it by calling the oracle and waiting for a callback to fulfill t...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2021/08/07 12:0 a.m.8 views

Prevent markets getting stuck when prices don't move

Handle gpersoon Vulnerability details Impact Suppose there is a synthetic token where the price stays constant, for example: synthetic DAI with a payment token of DAI the price will not move binary option token for example tracking the USA elections; after the election results there will be no mo...

6.8AI score
Exploits0
NVD
NVD
added 2020/06/03 5:15 p.m.13 views

CVE-2019-20809

The price oracle in PriceOracle.sol in Compound Finance Compound Price Oracle 1.0 through 2.0 allows a price poster to set an invalid asset price via the setPrice function, and consequently violate the intended limits on price swings...

7.5CVSS7.3AI score0.00882EPSS
Exploits0References1
CVE
CVE
added 2020/06/03 4:54 p.m.48 views

CVE-2019-20809

CVE-2019-20809 affects Compound Finance’s PriceOracle.sol (Compound Price Oracle 1.0–2.0). A price poster can call setPrice to set an invalid asset price, violating intended swing limits and potentially manipulating downstream pricing. Exploitation details are not provided in the connected docume...

7.5CVSS7.2AI score0.00882EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder