2 matches found
Unbounded Chainlink oracle time delay vulnerability
Lines of code Vulnerability details Summary The contract OndoPriceOracleV2 allows for the owner to set an association between an fToken and a Chainlink oracle for price retrieval. The contract also allows the owner to set a maxmum amount of time delay that it will tolerate from all Chainlink...
Withdraw all with amount: type(uint256).max in native token (ETH) will always revert
Lines of code Vulnerability details if amount == typeuint256.max uint256 decimal = IERC20Detailedasset.decimals; amount = amountToWithdraw.multhis.pricePerShare.div10decimal; Per the comment: The asset address for collateral asset = 0x0000000000000000000000000000000000000000 means to use ETH as...