Lucene search
+L

242 matches found

Code423n4
Code423n4
added 2022/04/19 12:0 a.m.12 views

latestRoundData data insufficiently validated

Lines of code Vulnerability details Impact The data returned by the Chainlink latestRoundData function may be stale. There should be checks applied on the data received from Chainlink to validate that it is not stale. Proof of Concept The ChainlinkPriceOracle contract has these two lines , int...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2022/04/19 12:0 a.m.16 views

Improper Validation Of Chainlink's latestRoundData Function

Lines of code Vulnerability details Impact When using Chainlink Price feeds, it is important to ensure the price feed data was updated recently. While getting started with chainlink requires just one line of code, it is best to add additional checks for "in production" environments. Here,...

7AI score
Exploits0
Code423n4
Code423n4
added 2022/04/19 12:0 a.m.17 views

Chainlink oracle might return stale data

Lines of code Vulnerability details Impact Oracle might return stale data for basePrice and quotePrice. Proof of Concept refreshedAssetPerBaseInUQ in ChainlinkPriceOracle.sol does not check if the data from Chainlink is fresh . If there is a problem with the Chainlink oracle, this contract may be...

7AI score
Exploits0
Code423n4
Code423n4
added 2022/04/19 12:0 a.m.13 views

Should check return data from chainlink aggregators

Lines of code Vulnerability details Impact The refreshedAssetPerBaseInUQ function in the contract ChainlinkPriceOracle.sol fetches the asset price from a Chainlink aggregator using the latestRoundData function. However, there are no checks on roundID nor timeStamp, resulting in stale prices. The...

6.4AI score
Exploits0
Code423n4
Code423n4
added 2022/04/13 12:0 a.m.13 views

Use of deprecated Chainlink oracle aggregator function latestAnswer

Lines of code Vulnerability details Impact According to Chainlink's documentation, the latestAnswer function is deprecated. This function does not error if no answer has been reached but returns 0. The function is not present in the latest API reference AggregatorInterfaceV3. Proof of Concept...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2022/04/13 12:0 a.m.22 views

use of deprecated chainlink oracle method

Lines of code Vulnerability details Impact latestanswer , this method does not error if no answer has been reached, it will simply return 0, since we have checks in function requireanswer 0, "invalidoracleanswer"; we may not get the latest value of current price which can affect the functionality...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/04/13 12:0 a.m.10 views

Usage of deprecated Chainlink functions

Lines of code Vulnerability details Impact The Chainlink function latestAnswer is deprecated. Instead, use latestRoundData. As seen in the changelog, Chainlink encourages people to use the latestRoundData function. It's not clear when the support for deprecated functions ends. Here's the same iss...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/04/13 12:0 a.m.24 views

Deprecated CHAINLINK API usage

Lines of code Vulnerability details Impact Usage of deprecated chainlink function to get collateral price. Proof of Concept The Chainlink API latestAnswer used in the FungibleAssetVaultForDAO contract is deprecated: This method returns the last value but that value cannot be fully updated. New V3...

7AI score
Exploits0
Code423n4
Code423n4
added 2022/04/13 12:0 a.m.12 views

Use of deprecated oracle API in _normalizeAggregatorAnswer

Lines of code Vulnerability details Use of deprecated oracle API in normalizeAggregatorAnswer Likelihood low, impact high. The Chainlink latestAnswer function included in IAggregatorV3Interface and called in NFTVaultnormalizeAggregatorAnswer is considered deprecated and no longer included in the...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/04/13 12:0 a.m.5 views

Oracle Prices Used Could Be Stale Or Manipulated due to latestAnswer() call

Lines of code Vulnerability details Impact In the various calls to the Chainlink oracle, the deprecated API function latestAnswer is used. This approach is vulnerable to price manipulation and stale prices according to the Chainlink documentation. This vulnerability was marked as Medium severity ...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2022/04/13 12:0 a.m.11 views

Use of deprecated Chainlink API

Lines of code Vulnerability details Impact The contract uses Chainlink’s deprecated API latestAnswer. Such functions might suddenly stop working if Chainlink stopped supporting deprecated APIs. Impact: Deprecated API stops working. Prices cannot be obtained. Protocol stops and contracts have to b...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/04/13 12:0 a.m.10 views

Usage of deprecated ChainLink API

Lines of code Vulnerability details Impact The Chainlink API latestAnswer function is used in two places but it is deprecated: This API is deprecated. Please see API Reference for the latest Price Feed API. Chainlink Docs The latestAnswer function does not revert if no answer has been reached but...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/04/13 12:0 a.m.11 views

Use of deprecated Chainlink function latestAnswer

Lines of code Vulnerability details function normalizeAggregatorAnswerIAggregatorV3Interface aggregator internal view returns uint256 int256 answer = aggregator.latestAnswer; uint8 decimals = aggregator.decimals; requireanswer 0, "invalidoracleanswer"; //converts the answer to have 18 decimals...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2022/04/13 12:0 a.m.11 views

Uncontrolled usage of Chainlink API for core price retrieval

Lines of code Vulnerability details Impact Chainlink's latestAnswer usage can yield stale price information, which is crucial for borrowing and liquidation. latestAnswer is having less ways to be controlled compared to latestRoundData, which is advised for price sensitive operations. Staling pric...

6.6AI score
Exploits0
Code423n4
Code423n4
added 2022/04/13 12:0 a.m.15 views

Use latestRoundData instead latestAnswer of Chainlink aggregators

Lines of code Vulnerability details Impact Use latestAnswer in vaults/NFTVault.sol may get stale ETH price in USD ethPriceUSD, stale value in ETH of the NFT ​​getNFTValueETH, stale JPEG price in USD jpegPriceUSD, and also stale USD price of one unit of collateral asset collateralPriceUsd of...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2022/04/13 12:0 a.m.8 views

Use of deprecated oracle API in _collateralPriceUsd

Lines of code Vulnerability details Likelihood low, impact high. The Chainlink latestAnswer function included in IAggregatorV3Interface and called in FungibleAssetVaultForDAOcollateralPriceUsd is considered deprecated and no longer included in the Chainlink API documentation. It's considered best...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2022/04/12 12:0 a.m.8 views

Usage of deprecated Chainlink's latestAnswer function

Lines of code Vulnerability details Impact Contract NFTVault.sol uses Chainlink's latestAnswer as an oracle for prices of multiple assets. This function will return the last value, but it is not possible to check if the provided data is fresh. In addition latestAnswer has been marked as deprecate...

7AI score
Exploits0
Code423n4
Code423n4
added 2022/04/12 12:0 a.m.10 views

Use of deprecated API for chainlink aggregator

Lines of code Vulnerability details Impact Price returned by oracle could be stale Proof of Concept The use of aggregator.latestAnswer is deprecated and could lead to stale data if the data wasn't recently updated. This is especially important for checking NFT prices since prices can change quick...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2022/04/12 12:0 a.m.7 views

Usage of deprecated Chainlink's latestAnswer function

Lines of code Vulnerability details Impact Contracts NFTVault.sol and FungibleAssetVaultForDAO use Chainlink's latestAnswer as an oracle for prices of multiple assets. This function will return the last value, but it is not possible to check if the provided data is fresh. In addition latestAnswer...

7AI score
Exploits0
Code423n4
Code423n4
added 2022/04/12 12:0 a.m.14 views

FungibleAssetVaultForDAO: Use latestRoundData + validate data freshness

Lines of code Vulnerability details Details & Impact The deprecated latestAnswer API is being used, which may at any time fail to work if Chainlink ends support for it. In addition, the data freshness should be checked. The oracle could, for example, not have been updated in a while, causing...

6.8AI score
Exploits0
Rows per page
Query Builder