2 matches found
getPORFeedData() doesn't validate price feed answers (totalETHBalanceInInt and totalETHXSupplyInInt) before casting to uint256
Lines of code Vulnerability details Impact If a negative value is returned 0 from chainlink oracle and the value is cast to type uint256, the resulting value will be the unsigned representation of that value which will be an inaccurate price. Also, cases where sdprice can't be less than 0 will...
Price feed in MCAGRateFeed#getRate is not sufficiently validated and can return stale price
Lines of code Vulnerability details Impact MCAGRateFeedgetRate may return stale data Proof of Concept , int256 answer,,, = oracle.latestRoundData; Classic C4 issue. getRate only uses answer but never checks the freshness of the data, which can lead to stale bond pricing data. Stale pricing data c...