4 matches found
requestDeposit and requestRedeem do not allow for any price guarantee, opening users to sandwich attacks and other losses
Lines of code Vulnerability details Impact Request functions take only the desired input amount as a parameter, giving no way for the caller to control the fulfilment price. The price is decided by the Centrifuge mainnet only. function requestDeposituint256 assets, address owner; function...
Protocol's usability becomes very limited when access to Chainlink oracle data feed is blocked
Lines of code Vulnerability details Impact Based on the current implementation, when the protocol wants to use Chainlink oracle data feed for getting a collateral token's price, the fixed price for the token should not be set. When the fixed price is not set for the token, calling the Oracle...
Renouncepauser function is dangerous
Lines of code Vulnerability details Impact If pauser makes an error all the protocol will be unusable Proof of Concept The funtion renouncePauserPausable.sol which affect several contracts is dangerous. function renouncePauser external virtual onlyPauser emit PauserChangedpauser, address0; pauser...
CompoundToNotionalV2.notionalCallback ERC20 return values not checked
Handle cmichel Vulnerability details Vulnerability Details Some tokens like USDT don't correctly implement the EIP20 standard and their transfer/transferFrom function return void instead of a success boolean. Calling these functions with the correct EIP20 function signatures will always revert. S...