5 matches found
Lack of minimal sufficient liquidity check can result in unreliable prices
Lines of code Vulnerability details function getPriceCantoaddress token internal view returnsuint erc20 token = erc20token; address pair = pairForaddresswcanto, addresstoken, false; if !isPairpair return 0; // this pair does not exist with Canto uint decimals = 10 token.decimals; // get decimals ...
Blocking of Legitimate Liquidation
Lines of code Vulnerability details Issue: removeCollateral calculates whether liquidation is allowed via requirerate.mulloanParams.ltvBPS / BPS amount, "NFT is still valued";. An arbitrarily high ltvBPS will effectively bypass the oracle price and block liquidation. Consequences: A malicious...
Unsecure oracle price
Handle 0x1f8b Vulnerability details Impact The oracle price use an unsecure calculation. Proof of Concept The contract Cvx3CrvOracle use the min price of dai, usdt and usdt instead of the average, so if an attacker is able to compromise the oracle end point, and change one of them, the contract...
withdrawTo Does Not Sync Before Checking A Position's Margin Requirements
Handle leastwood Vulnerability details Impact The maintenanceInvariant modifier in Collateral aims to check if a user meets the margin requirements to withdraw collateral by checking its current and next maintenance. maintenanceInvariant inevitably calls AccountPosition.maintenance which uses the...
CVE-2020-2942
Vulnerability in the Oracle Financial Services Price Creation and Discovery product of Oracle Financial Services Applications component: User Interface. The supported version that is affected is 8.0.7. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to...