Lucene search
K

242 matches found

Code423n4
Code423n4
β€’added 2022/12/16 12:0 a.m.β€’13 views

Function fulfillRandomWords in VRFNFTRandomDraw contract must not revert

Lines of code Vulnerability details The VRFNFTRandomDraw contract implements the Chainlink VFR feature to pull random data to select the raffle winner. As per their security guidelines the implementation of the fulfillRandomWords function must not revert. Impact If the fulfillRandomWords function...

6.9AI score
Exploits0
Code423n4
Code423n4
β€’added 2022/12/16 12:0 a.m.β€’11 views

Draw organizer can rig the draw to favor certain participants such as their own account.

Lines of code Vulnerability details Description In RandomDraw, the host initiates a draw using startDraw or redraw if the redraw draw expiry has passed. Actual use of Chainlink oracle is done in requestRoll: request.currentChainlinkRequestId = coordinator.requestRandomWords keyHash:...

7AI score
Exploits0
Code423n4
Code423n4
β€’added 2022/12/09 12:0 a.m.β€’12 views

Decimals of the oracle is not checked

Lines of code Vulnerability details Impact Decimals of the Chainlink oracle is not checked, it is assumed to have the same unit as BASECURRENCYUNIT but it might not always be the case. If the oracle use a different number of decimals all the price will be wrong by magnitudes. Proof of Concept...

6.8AI score
Exploits0
Code423n4
Code423n4
β€’added 2022/12/09 12:0 a.m.β€’8 views

Dangerous casting from i256 to u256 of the price returned by the Chainlink oracle

Lines of code Vulnerability details Impact Referring to the docs, Chainlink oracles are returning the price as an int256, which means that the answer can be a negative price. Later, this price is casted as an uint256 in the case of an oracle that is set, which overflows when price 0. Any price...

6.7AI score
Exploits0
Code423n4
Code423n4
β€’added 2022/12/09 12:0 a.m.β€’14 views

Fallback oracle is unusable when primary oracle is not updated

Lines of code Vulnerability details Description Paraspace implemented their own Oracle wrapper in ParaSpaceOracle.sol. The important function getAssetPrice is used by many logic functions like health check. function getAssetPriceaddress asset public view override returns uint256 if asset ==...

6.6AI score
Exploits0
Code423n4
Code423n4
β€’added 2022/11/10 12:0 a.m.β€’14 views

Legitimate token / USD pairs with more than 8 decimals are not handled correctly

Lines of code Vulnerability details Impact The decimals returned by the Chainlink oracles are assumed to be 8 throughout this protocol. However, there are legitimate token / USD pairs that have the corresponding Chainlink oracles to return more than 8 decimals; for example, the AMPL / USD pair's...

6.6AI score
Exploits0
Code423n4
Code423n4
β€’added 2022/11/10 12:0 a.m.β€’19 views

Chainlink USD price feeds can have more than 8 decimals

Lines of code Vulnerability details Impact Collateral value is overestimated by orders of magnitude if asset that has a chainlink oracle USD price feed with more than 8 decimals is added. A borrower can borrow much more than allowed in an EscrowedLine Proof of Concept In Oracle.sol the USD price...

6.8AI score
Exploits0
Code423n4
Code423n4
β€’added 2022/10/30 12:0 a.m.β€’8 views

Oracle.sol uses deprecated Chainlink API latestAnswer()

Lines of code Vulnerability details Impact Oracle.sol cannot obtain prices from Chainlink feed. Proof of Concept Oracle.sol uses deprecated latestAnswer at This may not return a value as the function is deprecated. Tools Used Code inspection Recommended Mitigation Steps Use latestRoundData --- Th...

6.8AI score
Exploits0
Code423n4
Code423n4
β€’added 2022/10/30 12:0 a.m.β€’7 views

Oracle data feed is insufficiently validated

Lines of code Vulnerability details Impact Oracle contract has 2 functions - viewPrice & getPrice - to get the price through the Chainlink price feed. However, the received data is not validated/checked for freshness and round completeness. This might cause the price to be stale and it can lead t...

6.8AI score
Exploits0
Code423n4
Code423n4
β€’added 2022/10/30 12:0 a.m.β€’12 views

The decimal calculation is wrong for tokens with decimals < 18, it will highly inflate the price.

Lines of code Vulnerability details Impact The decimal calculation is wrong for tokens with decimals 18, it will highly inflate the price. Every function that uses oracle price such as borrow and liquidation will be wrong for tokens with decimals 18. Proof of Concept uint8 decimals = 36 -...

6.7AI score
Exploits0
Code423n4
Code423n4
β€’added 2022/10/30 12:0 a.m.β€’14 views

Oracle.sol uses deprecated Chainlink method latestAnswer()

Lines of code Vulnerability details Proof of Concept Chainlink has market the latestAnswer method as deprecated for his price feeds, but the code is using it. Impact The latestAnswer method just returns the price and has no way to check if it is stale. If the project is using a stale price it can...

6.9AI score
Exploits0
Code423n4
Code423n4
β€’added 2022/10/30 12:0 a.m.β€’15 views

Oracle's getPrice() returns the wrong price in certain combinations of oracle feed and token decimals

Lines of code Vulnerability details Impact The oracle's getPrice returns a price that is off by several orders of magnitued depending of the combination of decimals for the Chainlink's pricefeed and underlaying token's pricefeed Actually it based on the decimals set when adding the feed tot he...

6.6AI score
Exploits0
Code423n4
Code423n4
β€’added 2022/10/30 12:0 a.m.β€’13 views

Protocol's usability becomes very limited when access to Chainlink oracle data feed is blocked

Lines of code Vulnerability details Impact Based on the current implementation, when the protocol wants to use Chainlink oracle data feed for getting a collateral token's price, the fixed price for the token should not be set. When the fixed price is not set for the token, calling the Oracle...

6.7AI score
Exploits0
Code423n4
Code423n4
β€’added 2022/10/30 12:0 a.m.β€’7 views

Consideration of tokens with decimals higher than 18

Lines of code Vulnerability details Impact Oracle contract has 2 functions - viewPrice & getPrice - to get the price through the Chainlink price feed in DOLA. Both functions check the decimals of the feedDecimals answer by calling feed.decimals and calculate the price by 36 - feedDecimals -...

6.8AI score
Exploits0
Code423n4
Code423n4
β€’added 2022/10/30 12:0 a.m.β€’9 views

A freshly added collateral token will cause the disadvantage of the borrowing price for the first borrowers.

Lines of code Vulnerability details Impact The Oracle contract is known to be pessimistic in way of serving the lowest prices to prevent borrowers from borrowing more than the lowest recorded value of their collateral over the past 2 days. However, this is not possible for the tokens which are...

6.5AI score
Exploits0
Code423n4
Code423n4
β€’added 2022/10/30 12:0 a.m.β€’10 views

Using deprecated Chainlink function latestAnswer could result in wrong borrowing power

Lines of code Vulnerability details Impact The Oracle contract is used to get the latest price for the users collateral tokens, but the functions getPrice and viewPrice use a deprecated Chainlink function latestAnswer to get the price of a given token as it's mentionned here, this function does n...

6.5AI score
Exploits0
Code423n4
Code423n4
β€’added 2022/10/30 12:0 a.m.β€’10 views

Deprecated ChainLink API

Lines of code Vulnerability details Impact According to Chainlink's documentation, the latestAnswer function is deprecated. This function might suddenly stop working if Chainlink stop supporting deprecated APIs. And the old API can return stale data. Proof of Concept function latestAnswer externa...

6.7AI score
Exploits0
Code423n4
Code423n4
β€’added 2022/10/30 12:0 a.m.β€’21 views

Chainlink oracle data feed is not sufficiently validated and can return stale price

Lines of code Vulnerability details Impact Calling the Oracle contract's viewPrice or getPrice function executes uint price = feedstoken.feed.latestAnswer and requireprice 0, "Invalid feed price". Besides that Chainlink's latestAnswer function is deprecated, only verifying that price 0 is true is...

6.4AI score
Exploits0
Code423n4
Code423n4
β€’added 2022/10/30 12:0 a.m.β€’12 views

Chainlink latestAnswer is deprecated

Lines of code Vulnerability details Impact Since Chainlink latestAnswer is deprecated, use latestRoundData instead. Since it is deprecated, there is chance of Chainlink to stop supporting this function. Proof of Concept uint price = feedstoken.feed.latestAnswer; Tools Used Manual Analysis...

6.8AI score
Exploits0
Code423n4
Code423n4
β€’added 2022/10/25 12:0 a.m.β€’18 views

Weak randomness

Lines of code Vulnerability details Vulnerability details Description In the function crossChainMessage of HolographOperator contract there is the following logic implemented for the calculation of the random value: / @dev use job hash, job nonce, block number, and block timestamp for generating ...

6.8AI score
Exploits0
Rows per page
Query Builder