Lucene search
K

40 matches found

Code423n4
Code423n4
added 2023/12/12 12:0 a.m.7 views

latestAnswer() may return stale values

Lines of code 121, 122, 123, 124, 51 Vulnerability details latestAnswer only returns the latest answer or zero, and thus there is no way to tell whether the value is stale or not. Use latestRoundData instead, and check whether the latest timestamp is within your protocol's limits. File:...

7.1AI score
Exploits0
Code423n4
Code423n4
added 2023/12/04 12:0 a.m.11 views

latestAnswer() may return stale values

Lines of code 121, 122, 123, 124, 51 Vulnerability details latestAnswer only returns the latest answer or zero, and thus there is no way to tell whether the value is stale or not. Use latestRoundData instead, and check whether the latest timestamp is within your protocol's limits. File:...

7.1AI score
Exploits0
Code423n4
Code423n4
added 2023/12/01 12:0 a.m.10 views

latestAnswer() may return stale values

Lines of code 121, 122, 123, 124, 51 Vulnerability details latestAnswer only returns the latest answer or zero, and thus there is no way to tell whether the value is stale or not. Use latestRoundData instead, and check whether the latest timestamp is within your protocol's limits. File:...

7.1AI score
Exploits0
Code423n4
Code423n4
added 2023/11/29 12:0 a.m.6 views

latestAnswer() may return stale values

Lines of code 121, 122, 123, 124, 51 Vulnerability details Impact latestAnswer only returns the latest answer or zero, and thus there is no way to tell whether the value is stale or not. Use latestRoundData instead, and check whether the latest timestamp is within your protocol's limits. File:...

7.1AI score
Exploits0
Code423n4
Code423n4
added 2023/07/31 12:0 a.m.6 views

Chainlink's latestRoundData might return stale or incorrect results

Lines of code Vulnerability details Impact Chainlink's latestRoundData is used but there is no check if the return value indicates stale data. This could return stale price data for the underlying asset. Proof of Concept getChainlinkPrice function uses Chainlink's latestRoundData to get the lates...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2023/06/09 12:0 a.m.71 views

Chainlink's latestRoundData might return stale or incorrect results

Lines of code Vulnerability details Impact The getPORFeedData function in the contract StaderOracle.sol fetches the asset price from a Chainlink aggregator using the latestRoundData function. However, there are no checks on roundID, resulting in stale prices. The oracle wrapper calls out to a...

6.6AI score
Exploits0
Code423n4
Code423n4
added 2023/01/26 12:0 a.m.12 views

Upgraded Q -> M from #404 [1674736594739]

Judge has assessed an item in Issue 404 as M risk. The relevant finding follows: L‑04 latestAnswer is deprecated Use latestRoundData instead so that you can tell whether the answer is stale or not. The latestAnswer function returns zero if it is unable to fetch data, which may be the case if...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2023/01/25 12:0 a.m.9 views

Upgraded Q -> M from #472 [1674665995647]

Judge has assessed an item in Issue 472 as M risk. The relevant finding follows: L-01 CHAINLINK AGGREGATOR IS NOT SUFFICIENTLY VALIDATED AND CAN RETURN STALE ANSWER As shown below, calling the getAssetPrice function in the ParaSpaceOracle contract can execute price = uint256source.latestAnswer,...

7AI score
Exploits0
Code423n4
Code423n4
added 2022/10/30 12:0 a.m.13 views

Oracle.sol uses deprecated Chainlink method latestAnswer()

Lines of code Vulnerability details Proof of Concept Chainlink has market the latestAnswer method as deprecated for his price feeds, but the code is using it. Impact The latestAnswer method just returns the price and has no way to check if it is stale. If the project is using a stale price it can...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2022/10/30 12:0 a.m.12 views

Chainlink latestAnswer is deprecated

Lines of code Vulnerability details Impact Since Chainlink latestAnswer is deprecated, use latestRoundData instead. Since it is deprecated, there is chance of Chainlink to stop supporting this function. Proof of Concept uint price = feedstoken.feed.latestAnswer; Tools Used Manual Analysis...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/10/30 12:0 a.m.21 views

Chainlink oracle data feed is not sufficiently validated and can return stale price

Lines of code Vulnerability details Impact Calling the Oracle contract's viewPrice or getPrice function executes uint price = feedstoken.feed.latestAnswer and requireprice 0, "Invalid feed price". Besides that Chainlink's latestAnswer function is deprecated, only verifying that price 0 is true is...

6.4AI score
Exploits0
Code423n4
Code423n4
added 2022/10/30 12:0 a.m.10 views

Deprecated ChainLink API

Lines of code Vulnerability details Impact According to Chainlink's documentation, the latestAnswer function is deprecated. This function might suddenly stop working if Chainlink stop supporting deprecated APIs. And the old API can return stale data. Proof of Concept function latestAnswer externa...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2022/09/19 12:0 a.m.6 views

Chainlink's latestRoundData might return stale or incorrect results

Lines of code Vulnerability details Impact On Controller.sol and in PegOracle.sol we are using latestRoundData, but there is no check if the return value indicates stale data. This could lead to stale prices according to the Chainlink documentation: Proof of Concept Tools Used Visual Inspection...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/08/17 12:0 a.m.13 views

Chainlink's latestRoundData() might return stale or incorrect data

Lines of code Vulnerability details Impact The only value being checked from the return of latestRoundData is answer. Chainlink will return more fields that can be checked to ensure the data is not stale/incorrect. Proof of Concept Lack of checks inside the function updateExchangeRate might cause...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2022/08/17 12:0 a.m.12 views

Chainlink’s latestRoundData might return stale or incorrect results

Lines of code Vulnerability details Impact On ChainlinkPriceOracle.sol, we are using latestRoundData, but there is no check if the return value indicates stale data. Proof of Concept File: contracts/FraxlendPairCore.sol , int256 answer, , , = AggregatorV3InterfaceoracleMultiply.latestRoundData; ,...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/07/08 12:0 a.m.28 views

Chainlink's latestRoundData might return stale or incorrect results

Lines of code Vulnerability details Impact latestRoundData is used to fetch the asset price from a Chainlink aggregator, but it's missing additional validations to ensure that the round is complete. If there is a problem with Chainlink starting a new round and finding consensus on the new value f...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/07/08 12:0 a.m.7 views

Chainlink's latestRoundData might return stale or incorrect results

Lines of code Vulnerability details Impact Chainlink's latestRoundData might return stale or incorrect results Proof of Concept According to Chainlink documentation, there must be a check for stale prices. It's a link of the same issue. Tools Used Solidity Visual Developer of VSCode Recommended...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/07/08 12:0 a.m.7 views

Improper validation Chainlink's latestRoundData() for stale or incorrect result

Lines of code Vulnerability details Impact The result from price feed needs further validation for stale and incorrect results. Proof of Concept function currentPriceuint256 decimals external view override returns uint256 // Get the latest round information. Only need the price is needed. , int25...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/07/08 12:0 a.m.11 views

CHAINLINK’S LATESTROUNDDATA MIGHT RETURN STALE OR INCORRECT RESULTS

Lines of code Vulnerability details Impact This could lead to stale prices according to the Chainlink documentation: Proof of Concept On JBChainlinkV3PriceFeed.sol, we are using latestRoundData, but there is no check if the return value indicates stale data. function currentPriceuint256 decimals...

6.6AI score
Exploits0
Code423n4
Code423n4
added 2022/05/04 12:0 a.m.10 views

Inexistent Chainlink Data Staleness Sanitization

Lines of code Vulnerability details Impact The IChainlinkAggregator implementation utilized by the codebase is outdated and as such is not properly sanitized. Recommended Mitigation Steps While the interface itself needs to be updated in its dedicated finding, the code utilizing it should also be...

7AI score
Exploits0
Rows per page
Query Builder