Lucene search
K

11 matches found

Code423n4
Code423n4
added 2022/12/09 12:0 a.m.8 views

Missing access control in NFTFloorOracle::removeFeeder

Lines of code Vulnerability details Proof of Concept THe removeFeeder method is lacking onlyRoleDEFAULTADMINROLE modifier, even though the NatSpec states “Allows owner to remove feeder”. Due to this, now everyone can remove a feeder anytime. Different types of attack can be executed, one of which...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/12/09 12:0 a.m.12 views

NFTFloorOracle's asset and feeder structures can be corrupted

Lines of code Vulnerability details NFTFloorOracle's addAsset and addFeeder truncate the assets and feeders arrays indices to 255, both using uint8 index field in the corresponding structures and performing uint8assets.length - 1 truncation on the new element addition. 2^8 - 1 looks to be too tig...

6.6AI score
Exploits0
Code423n4
Code423n4
added 2022/12/09 12:0 a.m.10 views

Oracle will become invalid much faster than intended on non-mainnet chains

Lines of code Vulnerability details Description NFTFloorOracle is in charge of answering price queries for ERC721 assets. EXPIRATIONPERIOD constant is the max amount of blocks allowed to have passed for the reading to be considered up to date: uint256 diffBlock = currentBlock - priceInfo.updatedA...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2022/12/09 12:0 a.m.9 views

Some arbitrary feeders will not be removable, even by admin.

Lines of code Vulnerability details Description NFTFloorOracle receives data from different "feeders". They are added using addFeeders and removed by removeFeeder. Feeders are managed by two data structures. feeders is an array, each element in the address of the feeder. feederPositionMap maps...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2022/12/09 12:0 a.m.12 views

Fallback oracle is unusable when primary oracle is not updated

Lines of code Vulnerability details Description Paraspace implemented their own Oracle wrapper in ParaSpaceOracle.sol. The important function getAssetPrice is used by many logic functions like health check. function getAssetPriceaddress asset public view override returns uint256 if asset ==...

6.6AI score
Exploits0
Code423n4
Code423n4
added 2022/12/09 12:0 a.m.8 views

NFTFloorOracle price feeders can be removed by anyone

Lines of code Vulnerability details Impact The nfts price feeders in the NFTFloorOracle contract should be added or removed only by the admin but because the removeFeeder function is missing the onlyRoleDEFAULTADMINROLE modifier any user can remove a feeder, this could impact the whole protocol i...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/12/09 12:0 a.m.7 views

Price can deviate by much more than maxDeviationRate

Lines of code Vulnerability details Description NFTFloorOracle retrieves ERC721 prices for ParaSpace. maxPriceDeviation is a configurable parameter, which limits the change percentage from current price to a new feed update. function checkValidityaddress asset, uint256 twap internal view returns...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/12/09 12:0 a.m.8 views

NFTFloorOracle trust feeder without any fallback

Lines of code Vulnerability details Impact In the current design, NFTFloorOracle take the median of valid feeder price as the oracle price. This design can be dangerous if more than half as few as 2 of the feeders decided to collude and publish malicious prices. If they set the price higher, they...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/12/09 12:0 a.m.13 views

Unsafe casting from uint256 to uint8 cause wrong index of asset and feeder in NFTFloorOracle

Lines of code Vulnerability details Impact In NFTFloorPrice, it has a set of feeders and a set of assets. Feeders will set price for assets. Of coursers, with the growing NFT space, number of assets collection could be much more than 256 and because Paraspace uses median price from keepers so...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2022/12/09 12:0 a.m.5 views

Pausing assets only affects future price updates, not previous malicious updates.

Lines of code Vulnerability details Description NFTFloorOracle retrieves ERC721 prices for ParaSpace. It is pausable by admin on a per asset level using setPauseasset, flag. setPrice will not be callable when asset is paused: function setPriceaddress asset, uint256 twap public onlyRoleUPDATERROLE...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/12/09 12:0 a.m.13 views

Anyone can remove feeders from NFTFloorOracle.

Lines of code Vulnerability details Impact There is no onlyRole modifier in removeFeeder, so anyone can remove feeders from NFTFloorOracle, and it will cause a DOS attack. Proof of Concept function removeFeederaddress feeder external onlyWhenFeederExistedfeeder //@audit no modifier...

6.8AI score
Exploits0
Rows per page
Query Builder