4 matches found
Slippage protection missing
Lines of code Vulnerability details The MaxHeap contract does not check for slippage when updating item values. This could enable the admin to manipulate asset prices. Recommendation: Implement slippage protection by adding min/max checks in updateValue: function updateValueuint256 itemId, uint25...
Missing pause checks in LRTOracle
Lines of code Vulnerability details Summary The LRTOracle oracle provides functionality to pause the contract but no restrictions are applied when the contract is in a paused state. Impact Similar to the other contracts in the protocol, the LRTOracle contract offers pausing functionality: 101: //...
Chainlink's latestRoundData might return stale or incorrect results
Lines of code Vulnerability details Impact The getPORFeedData function in the contract StaderOracle.sol fetches the asset price from a Chainlink aggregator using the latestRoundData function. However, there are no checks on roundID, resulting in stale prices. The oracle wrapper calls out to a...
CVE-2019-20809
The price oracle in PriceOracle.sol in Compound Finance Compound Price Oracle 1.0 through 2.0 allows a price poster to set an invalid asset price via the setPrice function, and consequently violate the intended limits on price swings...