Lucene search
+L

242 matches found

code423n4
code423n4
added 2023/09/27 12:0 a.m.15 views

Missing circuit breaker checks in ethPerCvx() for Chainlink's price feed

Lines of code Vulnerability details Bug Description The ethPerCvx function relies on a Chainlink oracle to fetch the CVX / ETH price: VotiumStrategyCore.solL158-L169 try chainlinkCvxEthFeed.latestRoundData returns uint80 roundId, int256 answer, uint256 / startedAt /, uint256 updatedAt, uint80 /...

6.8AI score
Exploits0
code423n4
code423n4
added 2023/09/27 12:0 a.m.9 views

Users can deposit() even when Chainlink's price feed for CVX is stale

Lines of code Vulnerability details Bug Description In VotiumStrategy.sol, the price of vAfEth is determined by the price function: VotiumStrategy.solL31-L33 function price external view override returns uint256 return cvxPerVotium ethPerCvxfalse / 1e18; As seen from above, it calls ethPerCVX wit...

7AI score
Exploits0
code423n4
code423n4
added 2023/09/25 12:0 a.m.8 views

Stale cvx price can be used while depositing

Lines of code Vulnerability details Impact Stale cvx price can be used while depositing Proof of Concept When user deposits, then price of afEth token is calculated. It's needed to know how many tokens user will receieve. This price consists of safEth price and vEth price. This is how price is...

7AI score
Exploits0
code423n4
code423n4
added 2023/09/14 12:0 a.m.9 views

Assumptions are currently made that prices would forever be positive

Lines of code Vulnerability details Impact Neglecting the potential for negative asset prices can lead to inaccurate value representation in the Liquidity Pool, possibly affecting calculations related to assets and tokens. It's crucial to note that the value of an asset, even if negative in the...

6.8AI score
Exploits0
code423n4
code423n4
added 2023/09/07 12:0 a.m.18 views

Price Manipulation Through Vulnerability in simulateRange Function

Lines of code Vulnerability details Impact The simulateRange function, although designed for simulation and testing purposes, could potentially be exploited in a sandwich attack scenario. A malicious actor could front-run a user's transaction by using a flash loan to manipulate the price,...

6.6AI score
Exploits0
code423n4
code423n4
added 2023/09/06 12:0 a.m.14 views

Calculating slippage from price oracle is not accurate

Lines of code Vulnerability details Impact calculating slippage using oracle prices will lead to inaccurate slippage values , due to this swaps will fail or execute with higher slippage. Proof of Concept In curveSwap function of RdpxV2Core contract slippage is being calculated using oracles price...

7.2AI score
Exploits0
code423n4
code423n4
added 2023/08/07 12:0 a.m.60 views

Check for the L2 Sequencer's uptime when calling the Chainlink feed is not implemented

Lines of code Vulnerability details Impact The getAnswer function in the LPOracle and OracleConvert contracts has a vulnerability that does not include a check for the Sequencer's uptime when calling the Chainlink feed CLTOKENA, CLTOKENB. In Layer 2 L2 systems, the Chainlink oracle may return an...

6.8AI score
Exploits0
code423n4
code423n4
added 2023/08/02 12:0 a.m.8 views

Risk of Incorrect Collateral Pricing in Case of Aggregator Reaching minAnswer

Lines of code Vulnerability details Impact Chainlink aggregators have a built-in circuit breaker to prevent the price of an asset from deviating outside a predefined price range. This circuit breaker may cause the oracle to persistently return the minPrice instead of the actual asset price in the...

6.9AI score
Exploits0
code423n4
code423n4
added 2023/07/31 12:0 a.m.9 views

Potential Stale Data Due to Inadequate Round Validation

Lines of code Vulnerability details Impact Even tough the dev is checking if the data is stale or not some valid prices could still be considered as invalid because of this line: answeredInRound == roundId, sometimes the answeredInRound might be greater than roundId and would still be valid but i...

6.9AI score
Exploits0
code423n4
code423n4
added 2023/07/31 12:0 a.m.10 views

the getChainlinkPrice() function calling the latestRoundData without using the try/catch to avoid bad possible scenario

Lines of code Vulnerability details Impact Call to latestRoundData could potentially revert and make it impossible to query any prices. the getChainlinkPrice function should use try/catch to avoid the case of the getChainlinkPrice function revert and cause dos/block the system. Proof of Concept t...

6.7AI score
Exploits0
code423n4
code423n4
added 2023/07/31 12:0 a.m.21 views

the check for the roundId == answeredInRound should be set to >= in the ChainlinkCompositeOracle.sol#getPriceAndDecimals

Lines of code Vulnerability details Impact the function getPriceAndDecimals have check that it check if the round id is equal to the answer in round ID. this check should be change to = because some roundID may get the data/answers in the round that is more than the roundId and this case is...

6.8AI score
Exploits0
code423n4
code423n4
added 2023/07/31 12:0 a.m.7 views

Potential Exploitation due to Lack of Price Range Checks in Oracle Implementation

Lines of code Vulnerability details Impact Chainlink aggregators have a built in circuit breaker if the price of an asset goes outside of a predetermined price band. The result is that if an asset experiences a huge drop in value i.e. LUNA crash the price of the oracle will continue to return the...

6.6AI score
Exploits0
code423n4
code423n4
added 2023/07/31 12:0 a.m.6 views

Chainlink's latestRoundData might return stale or incorrect results

Lines of code Vulnerability details Impact Chainlink's latestRoundData is used but there is no check if the return value indicates stale data. This could return stale price data for the underlying asset. Proof of Concept getChainlinkPrice function uses Chainlink's latestRoundData to get the lates...

6.7AI score
Exploits0
code423n4
code423n4
added 2023/07/31 12:0 a.m.12 views

Missing check of how recent the price is can lead to stale price being used in the protocol

Lines of code Vulnerability details Impact In the ChainlinkOracle.sol file, in the function getChainlinkPriceAggregatorV3Interface feed, there is the check requireupdatedAt != 0, "Round is in incompleted state";. However, there is no check to see that the price is recent and acceptable. If there ...

6.9AI score
Exploits0
code423n4
code423n4
added 2023/07/31 12:0 a.m.12 views

missing check for the max/min price in the chainlinkOracle.sol contract

Lines of code Vulnerability details Impact the chainlinkOracle.sol contract specially the getChainlinkPrice function using the aggregator v2 and v3 to get/call the latestRoundData. the function should check for the min and max amount return to prevent some case happen, something like this: if cas...

6.8AI score
Exploits0
code423n4
code423n4
added 2023/07/07 12:0 a.m.19 views

DENIAL OF SERVICE COULD OCCUR IF CHAINLINK PRICE FEEDS ARE BLOCKED

Lines of code Vulnerability details Impact Protocol’s usability becomes very limited when access to Chainlink oracle data feed is blocked The LibOracle.readChainlinkFeed function calls the feed.latestRoundData on the chain link price feed to calculate the quotePrice and retrun it to the...

6.6AI score
Exploits0
code423n4
code423n4
added 2023/07/07 12:0 a.m.6 views

IF RETURNED DECIMAL VALUE IS ZERO, IT COULD BREAK THE FUNCTIONING OF THE PROTOCOL

Lines of code Vulnerability details Impact The LibOracle.readChainlinkFeed function is used to calculate the quotePrice for a collateral using the chainlink price feeds. The function uses the values received via the multiple arrays in the LibOracle.read function. One such array is the...

6.8AI score
Exploits0
code423n4
code423n4
added 2023/06/09 12:0 a.m.112 views

Chainlink's latestRoundData might return stale or incorrect results

Lines of code Vulnerability details Impact The getPORFeedData function in the contract StaderOracle.sol fetches the asset price from a Chainlink aggregator using the latestRoundData function. However, there are no checks on roundID, resulting in stale prices. The oracle wrapper calls out to a...

6.6AI score
Exploits0
code423n4
code423n4
added 2023/05/08 12:0 a.m.8 views

Mitigation Confirmed for Mitigation of H-06: Issue mitigated with error

Mitigated issue H-06: WstEth derivative assumes a 1=1 peg of stETH to ETH. The issue was that WstEth.withdraw and WstEth.ethPerDerivative assume a perfect peg between stETH and ETH, which may cause the slippage to be inaccurately evaluated. Mitigation review The issue has been mitigated by using...

6.8AI score
Exploits0
code423n4
code423n4
added 2023/05/08 12:0 a.m.14 views

Chainlink price feed responses are not validated

NEW ISSUE - MITIGATION IS NOT CONFIRMED NEW ISSUE - MITIGATION IS NOT CONFIRMED adriro-NEW-H-02 Chainlink price feed responses are not validated Link to changesets: Impact The protocol team introduced Chainlink price feeds for the Reth and WstEth derivatives in order to mitigate price manipulatio...

6.9AI score
Exploits0
Rows per page
Query Builder