Lucene search
+L

242 matches found

Code423n4
Code423n4
added 2022/01/30 12:0 a.m.11 views

Oracle data feed is insufficiently validated.

Handle throttle Vulnerability details Impact Price can be stale and can lead to wrong quoteAmount return value Proof of Concept Oracle data feed is insufficiently validated. There is no check for stale price and round completeness. Price can be stale and can lead to wrong quoteAmount return value...

7AI score
Exploits0
Code423n4
Code423n4
added 2022/01/30 12:0 a.m.14 views

Improper Validation Of Chainlink's latestRoundData Function

Handle leastwood Vulnerability details Impact latestRoundData is missing additional validation to ensure that the round is complete and has returned a valid/expected price. This is documented here. Proof of Concept , int256 daiPrice, , , = DAI.latestRoundData; , int256 usdcPrice, , , =...

7.1AI score
Exploits0
Code423n4
Code423n4
added 2022/01/30 12:0 a.m.17 views

latestRoundData data may be stale

Handle sirhashalot Vulnerability details Impact The Chainlink latestRoundData function is used in Cvx3CrvOracle.sol, but it is used without checking whether the data returns from the oracle is stale or not. Chainlink warns about this issue and describes how to check for it: Proof of Concept From...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2022/01/30 12:0 a.m.13 views

Cvx3CrvOracle does not check that Chainlink data is fresh.

Handle TomFrenchBlockchain Vulnerability details Impact Usage of stale prices when querying chainlink oracles. Proof of Concept Cvx3CrvOracle queries chainlink oracles for the prices of DAI, USDC and USDT, however it doesn't require that the response is fresh by checking which round the answer wa...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2022/01/30 12:0 a.m.9 views

Cvx3CrvOracle.sol _peek() returns wrong units

Handle sirhashalot Vulnerability details Impact The Cvx3CrvOracle.sol contract claims it "provides current values for Cvx3Crv". When getting the current values, "only cvx3crvid and ethId are accepted as asset identifiers" for the base and quote parameters to the peek and get functions. peek and g...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2022/01/30 12:0 a.m.6 views

Chainlink's latestRoundData might return stale results

Handle WatchPug Vulnerability details function peek bytes6 base, bytes6 quote, uint256 baseAmount private view returns uint256 quoteAmount, uint256 updateTime require base == ethId && quote == cvx3CrvId || base == cvx3CrvId && quote == ethId, "Invalid quote or base" ; , int256 daiPrice, , , =...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2022/01/30 12:0 a.m.6 views

Cvx3CrvOracle can report stale prices

Handle hyh Vulnerability details Impact Whenever Chainlink's latestRoundData for any reason returns some not recent, but positive price, it will be used as current price by Cvx3CrvOracle's peek and get despite there will be no confirmation for it. This way an attacker can monitor Chainlink oracle...

6.5AI score
Exploits0
Code423n4
Code423n4
added 2022/01/30 12:0 a.m.8 views

Cvx3CrvOracle misses sanity checks for Chainlink responses

Handle kenzo Vulnerability details When querying Chainlink for stable prices, Cvx3CrvOracle doesn't run sanity checks against stale or incomplete results. This is unlike Yield's ChainlinkMultiOracle, which does execute those checks. Impact Stale or incorrect results might be returned. Proof of...

7.2AI score
Exploits0
Code423n4
Code423n4
added 2022/01/29 12:0 a.m.11 views

Oracle might return stale or incorrect results (Cvx3CrvOracle.sol)

Handle ye0lde Vulnerability details Impact Oracle might return stale or incorrect results Cvx3CrvOracle.sol The peek function in the contract Cvx3CrvOracle.sol fetches the daiPrice, usdcPrice, usdtPrice from a Chainlink aggregator using the latestRoundData function. If there is a problem with...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/01/29 12:0 a.m.13 views

Chainlink oracle query in _validateOrder does not check that response is fresh

Handle TomFrenchBlockchain Vulnerability details Impact Potential for TreasuryManager to use a stale price to calculate the slippage limit, allowing unacceptable slippage relative to if the price feed was current. Proof of Concept EIP1271Wallet queries Chainlink for the most recent price for...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/01/28 12:0 a.m.11 views

Oracle prices could be not fresh

Handle 0x1f8b Vulnerability details Impact Unsafe oracle call. Proof of Concept The contract Cvx3CrvOracle doesn't check that the data is fress, it call the method latestRoundData, this method allow you to run some extra validations, but these validations were not made. According to the chain.lin...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2022/01/28 12:0 a.m.18 views

Chainlink's latestRoundData might return stale or incorrect results

Handle cccz Vulnerability details Impact On Cvx3CrvOracle.sol, we are using latestRoundData, but there is no check if the return value indicates stale data. This could lead to stale prices according to the Chainlink documentation: function peek bytes6 base, bytes6 quote, uint256 baseAmount privat...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/01/28 12:0 a.m.7 views

SHOULD CHECK RETURN DATA FROM CHAINLINK AGGREGATORS

Handle defsec Vulnerability details Impact The peek function in the contract Cvx3CrvOracle.sol fetches the asset price from a Chainlink aggregator using the latestRoundData function. However, there are no checks on timestamp, resulting in stale prices. The oracle wrapper calls out to a chainlink...

6.5AI score
Exploits0
Code423n4
Code423n4
added 2022/01/27 12:0 a.m.17 views

Use of deprecated Chainlink API

Handle 0x1f8b Vulnerability details Impact Deprecated API stops working. Prices cannot be obtained. Protocol stops and contracts have to be redeployed. Proof of Concept The contracts use Chainlink’s deprecated API latestAnswer. Such functions might suddenly stop working if Chainlink stopped...

7AI score
Exploits0
Code423n4
Code423n4
added 2021/12/22 12:0 a.m.6 views

Chainlink's latestRoundData might return stale results

Handle WatchPug Vulnerability details function badChainlinkResponseChainlinkResponse memory response internal view returns bool // Check for response call reverted if !response.success return true; // Check for an invalid roundId that is 0 if response.roundId == 0 return true; // Check for an...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2021/12/20 12:0 a.m.11 views

PriceFeed ignores ChainLink roundId and will treat stale price as fresh

Handle hyh Vulnerability details Impact Stale 'carried over' price can be used for liquidations. This can cause various types of malfunctions and manipulated liquidations. For example, if a portfolio consists of two inversely correlated assets, which move in opposite directions most of the times,...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2021/12/18 12:0 a.m.6 views

SHOULD CHECK RETURN DATA FROM CHAINLINK AGGREGATORS

Handle defsec Vulnerability details Impact The latestRoundData function in the contract PriceFeed.sol fetches the asset price from a Chainlink aggregator using the latestRoundData function. However, there are no checks on roundID. Stale prices could put funds at risk. According to Chainlink's...

6.6AI score
Exploits0
Code423n4
Code423n4
added 2021/12/14 12:0 a.m.8 views

Function sync in ChainlinkOracle.sol does not check the price returned from chainlink aggregators

Handle ye0lde Vulnerability details Impact The sync function in the contract ChainlinkOracle.sol fetches the feedPrice' from a Chainlink aggregator using the latestRoundDatafunction. There are checks on thetimeStampversus previous versions of the feed protecting against stale prices. But there is...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2021/12/14 12:0 a.m.11 views

Chainlink's latestRoundData might return stale or incorrect results

Handle WatchPug Vulnerability details function sync public , int256 feedPrice, , uint256 timestamp, = feed.latestRoundData; Fixed18 price = Fixed18Lib.ratiofeedPrice, SafeCast.toInt256decimalOffset; if priceAtVersion.length == 0 || timestamp timestampAtVersioncurrentVersion + minDelay...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2021/12/13 12:0 a.m.13 views

PriceOracle Does Not Filter Price Feed Outliers

Handle leastwood Vulnerability details Impact If for whatever reason the Chainlink oracle returns a malformed price due to oracle manipulation or a malfunctioned price, the result will be passed onto users, causing unintended consequences as a result. In the same time it's possible to construct...

7AI score
Exploits0
Rows per page
Query Builder