Lucene search
+L

6 matches found

code423n4
code423n4
added 2022/12/16 12:0 a.m.11 views

Chainlink price feed is not sufficiently validated and can return stale price

Lines of code Vulnerability details Impact As mentioned by , "Prices provided by the oracle network are also compared to Chainlink's public price feeds for additional security. If prices have more than a 2% difference the transaction is reverted." The Chainlink price verification logic in the...

6.6AI score
Exploits0
code423n4
code423n4
added 2022/05/08 12:0 a.m.17 views

ChainLink latestRoundData data may be stale

Originally submitted by warden 0xkatana in 63, duplicate of 17. ChainLink latestRoundData data may be stale Impact The Chainlink API latestRoundData function returns price data with other timestamp and round data. The timestamp and round data should be validated to confirm the data is not stale...

6.9AI score
Exploits0
code423n4
code423n4
added 2021/12/23 12:0 a.m.13 views

totalLiquidityWeight Is Updated When Adding New Token Pairs Which Skews Price Data For getVaderPrice and getUSDVPrice

Handle leastwood Vulnerability details Impact The addVaderPair function is called by the onlyOwner role. The relevant data in the twapData mapping is set by querying the respective liquidity pool and Chainlink oracle. totalLiquidityWeight for the VADER path is also incremented by the...

6.9AI score
Exploits0
code423n4
code423n4
added 2021/10/27 12:0 a.m.7 views

Chainlink price data could be stale

Handle WatchPug Vulnerability details function getPriceaddress asset public view override returns float memory , int256 price, , , = feedasset.latestRoundData; uint256 decimalSum = feedasset.decimals + IERC20Metadataasset.decimals; if decimalSum 18 return float numerator: uint256price, denominato...

6.9AI score
Exploits0
code423n4
code423n4
added 2021/10/27 12:0 a.m.11 views

ChainLink price data could be stale

Handle cmichel Vulnerability details There is no check in ChainlinkAdapterEth.getPrice if the return values indicate stale data. This could lead to stale prices according to the Chainlink documentation: under current notifications: "if answeredInRound roundId could indicate stale data." under...

6.8AI score
Exploits0
code423n4
code423n4
added 2021/08/11 12:0 a.m.10 views

OracleManagerEthKillerChainlink price data could be stale

Handle cmichel Vulnerability details There is no check in OracleManagerEthKillerChainlink.getLatestPrice if the return values indicate stale data. This could lead to stale prices according to the Chainlink documentation: under current notifications: "if answeredInRound roundId could indicate stal...

6.8AI score
Exploits0
Rows per page
Query Builder