5 matches found
SEC-Bench Pro: Can Language Models Solve Long-Horizon Software Security Tasks?
Large language models LLMs now support automated software security tasks, including vulnerability discovery and proof-of-concept PoC generation. Existing benchmarks do not faithfully evaluate LLMs in real-world bug hunting scenarios because they rely on fuzzing harnesses, target-specific...
Root-Cause-Driven Automated Vulnerability Repair
Recent LLM-based systems have made automated vulnerability repair increasingly practical, but two challenges remain. First, without strong signals about where a bug originates, repair agents drift toward shallow edits that silence the observed failure while leaving the underlying defect unresolve...
Lack of Oracle Price Validation in rUSDY
Lines of code Vulnerability details Summary Ondo's custom oracle, RWADynamicOracle, is responsible for delivering the price of USDY to the rUSDY token contract. The oracle is called in four different functions for the price of USDY; the results of which are also used in core functions in the toke...
Insufficient oracle validation
Lines of code Vulnerability details Impact Oracle my return stale price. Proof of Concept Round completeness and the quoted timestamp are not checked to ensure that the reported price is not stale. roundId, startedAt, updatedAt, and answeredInRound are omitted from the return result of...
Improper Validation Of Chainlink's latestRoundData() Function
Lines of code Vulnerability details Impact The calls to the latestRoundData function do not validate the output of the Chainlink oracle query. As a result, it is possible to use stale results when returning the TWAP price. latestRoundData is able to ensure the round is complete and has returned a...