2 matches found
Unbounded Chainlink oracle time delay vulnerability
Lines of code Vulnerability details Summary The contract OndoPriceOracleV2 allows for the owner to set an association between an fToken and a Chainlink oracle for price retrieval. The contract also allows the owner to set a maxmum amount of time delay that it will tolerate from all Chainlink...
Stale prices can be used by the system
Lines of code Vulnerability details updatedAt field of Chainlink's latestRoundData isn't checked, so even substantially outdated price will be used by the system. Proof of Concept Price is the only field that is read from Chainlink: function currentPriceuint256 decimals external view override...