4 matches found
Missing circuit breaker checks in ethPerCvx() for Chainlink's price feed
Lines of code Vulnerability details Bug Description The ethPerCvx() function relies on a Chainlink oracle to fetch the CVX / ETH price: VotiumStrategyCore.sol#L158-L169 try chainlinkCvxEthFeed.latestRoundData() returns (uint80 roundId, int256 answer, uint256 /* startedAt */, uint256 updatedAt, uint80 /...
Oracle may return a stale price that is not resistant to flash crashes
Lines of code Vulnerability details Impact Oracle may return a stale price in the event of a flash crash which will affect protocol calculation of maxDebt and affect protocol. Proof of Concept Protocol uses the time weighted average pricing of 30 days to check the price of the NFT. uint256 consta...
USN-3435-2 firefox regression
USN-3435-1 fixed vulnerabilities in Firefox. The update caused the Flash plugin to crash in some circumstances. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Multiple security issues were discovered in Firefox. If a user were tricked into opening a...
The Next Security Scandal Will Be An Attack on High Frequency Trading Systems
The U.S. Securities and Exchange Commission voted on Tuesday to impose new rules to help oversee what experts warn is a burgeoning and little understood shadow market of ultra high-speed, computer based trading. But one security expert warns that new reporting rules are only part of the problem...