Lucene search
K

4 matches found

Code423n4
Code423n4
added 2023/12/21 12:0 a.m.19 views

Slippage protection missing

Lines of code Vulnerability details The MaxHeap contract does not check for slippage when updating item values. This could enable the admin to manipulate asset prices. Recommendation: Implement slippage protection by adding min/max checks in updateValue: function updateValueuint256 itemId, uint25...

7AI score
Exploits0
Code423n4
Code423n4
added 2023/11/15 12:0 a.m.10 views

Missing pause checks in LRTOracle

Lines of code Vulnerability details Summary The LRTOracle oracle provides functionality to pause the contract but no restrictions are applied when the contract is in a paused state. Impact Similar to the other contracts in the protocol, the LRTOracle contract offers pausing functionality: 101: //...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2023/06/09 12:0 a.m.73 views

Chainlink's latestRoundData might return stale or incorrect results

Lines of code Vulnerability details Impact The getPORFeedData function in the contract StaderOracle.sol fetches the asset price from a Chainlink aggregator using the latestRoundData function. However, there are no checks on roundID, resulting in stale prices. The oracle wrapper calls out to a...

6.6AI score
Exploits0
Cvelist
Cvelist
added 2020/06/03 4:54 p.m.19 views

CVE-2019-20809

The price oracle in PriceOracle.sol in Compound Finance Compound Price Oracle 1.0 through 2.0 allows a price poster to set an invalid asset price via the setPrice function, and consequently violate the intended limits on price swings...

7.3AI score0.00882EPSS
Exploits0References1
Rows per page
Query Builder