11 matches found
Risk of Incorrect Collateral Pricing in Case of Aggregator Reaching minAnswer
Lines of code Vulnerability details Impact Chainlink aggregators have a built-in circuit breaker to prevent the price of an asset from deviating outside a predefined price range. This circuit breaker may cause the oracle to persistently return the minPrice instead of the actual asset price in the...
Upgraded Q -> M from #472 [1674665995647]
Judge has assessed an item in Issue 472 as M risk. The relevant finding follows: L-01 CHAINLINK AGGREGATOR IS NOT SUFFICIENTLY VALIDATED AND CAN RETURN STALE ANSWER As shown below, calling the getAssetPrice function in the ParaSpaceOracle contract can execute price = uint256source.latestAnswer,...
Outdated Interface Implementation
Lines of code Vulnerability details Impact The Chainlink aggregator interface used by the project is outdated and does not permit the project to properly sanitize the price values it receives. Recommended Mitigation Steps The interface is to be updated according to the official Chainlink...
Should check return data from chainlink aggregators
Lines of code Vulnerability details Impact The refreshedAssetPerBaseInUQ function in the contract ChainlinkPriceOracle.sol fetches the asset price from a Chainlink aggregator using the latestRoundData function. However, there are no checks on roundID nor timeStamp, resulting in stale prices. The...
Use of deprecated API for chainlink aggregator
Lines of code Vulnerability details Impact Price returned by oracle could be stale Proof of Concept The use of aggregator.latestAnswer is deprecated and could lead to stale data if the data wasn't recently updated. This is especially important for checking NFT prices since prices can change quick...
Function getUnderlyingPrice in Oracle.sol does not check the price returned from chainlink aggregators
Lines of code Vulnerability details Impact The getUnderlyingPrice function in the contract Oracle.sol fetches the answer directly from a Chainlink aggregator using the latestRoundData function. There is no check if the return value is 0 or indicates stale data. This could lead to incorrect or sta...
Functions getLatestRoundData and getRoundData do not check that the price returned from a chainlink aggregator is != 0 (Oracle.sol)
Lines of code Vulnerability details Impact The getLatestRoundData function in the contract Oracle.sol fetches the latestPrice directly from a Chainlink aggregator using the latestRoundData function. While latestPrice is checked for 0 and staleness, there is no check if the value is != 0. This cou...
SHOULD CHECK RETURN DATA FROM CHAINLINK AGGREGATORS
Handle defsec Vulnerability details Impact The peek function in the contract Cvx3CrvOracle.sol fetches the asset price from a Chainlink aggregator using the latestRoundData function. However, there are no checks on timestamp, resulting in stale prices. The oracle wrapper calls out to a chainlink...
SHOULD CHECK RETURN DATA FROM CHAINLINK AGGREGATORS
Handle defsec Vulnerability details Impact The consult function in the contract TwapOracle.sol fetches the asset price from a Chainlink aggregator using the latestRoundData function. However, there are no checks on timeStamp, resulting in stale prices. The oracle wrapper calls out to a chainlink...
Should a Chainlink aggregator become stuck in a stale state then TwapOracle will become irrecoverably broken
Handle TomFrench Vulnerability details Impact Inability to call consult on the TwapOracle and so calculate the exchange rate between USDV and VADER. Proof of Concept Should any of the Chainlink aggregators used by the TwapOracle becomes stuck in such a state that the check on L143-146 of...
Should check return data from Chainlink aggregators
Handle shw Vulnerability details Impact The getEtherPrice function in the contract FSDNetwork fetches the ETH price from a Chainlink aggregator using the latestRoundData function. However, there are no checks on roundID nor timeStamp, resulting in stale prices. Proof of Concept Referenced code:...