3 matches found
Chainlink oracle lacks proper validation
Lines of code Vulnerability details Impact Calls to the Chainlink price oracle via latestRoundData in FraxlendPairCore.sol use the correct function latestRoundData per Chainlink's documentation, but lack the recommended validations to ensure that the round is complete and does not return stale...
Potentially Incomplete or Stale Data from Oracle
Lines of code Vulnerability details Impact Calls to the Chainlink price oracle via refreshedAssetPerBaseInUQ in ChainlinkPriceOracle.sol use the correct function latestRoundData per Chainlink's documentation, but lacks the recommended validations to ensure that the round is complete and does not...
latestRoundData data insufficiently validated
Lines of code Vulnerability details Impact The data returned by the Chainlink latestRoundData function may be stale. There should be checks applied on the data received from Chainlink to validate that it is not stale. Proof of Concept The ChainlinkPriceOracle contract has these two lines , int...