5 matches found
Unbounded Chainlink oracle time delay vulnerability
Lines of code Vulnerability details Summary The contract OndoPriceOracleV2 allows for the owner to set an association between an fToken and a Chainlink oracle for price retrieval. The contract also allows the owner to set a maxmum amount of time delay that it will tolerate from all Chainlink...
Oracle.sol uses deprecated Chainlink method latestAnswer()
Lines of code Vulnerability details Proof of Concept Chainlink has market the latestAnswer method as deprecated for his price feeds, but the code is using it. Impact The latestAnswer method just returns the price and has no way to check if it is stale. If the project is using a stale price it can...
Oracle failure allows NFT to be stolen
Lines of code Vulnerability details Impact Any temporary failure in an oracle relaying a price allows the NFT collateral to be removed by the lender, even if the value of the NFT is still far above the agreed-upon liquidation value. Considering that oracle price retrieval failure is accounted for...
Uncontrolled usage of Chainlink API for core price retrieval
Lines of code Vulnerability details Impact Chainlink's latestAnswer usage can yield stale price information, which is crucial for borrowing and liquidation. latestAnswer is having less ways to be controlled compared to latestRoundData, which is advised for price sensitive operations. Staling pric...
Use of deprecated Chainlink API
Handle defsec Vulnerability details Impact The contract uses Chainlink’s deprecated API latestAnswer. Such functions might suddenly stop working if Chainlink stopped supporting deprecated APIs. Impact: Deprecated API stops working. Prices cannot be obtained. Protocol stops and contracts have to b...