Lucene search
K

4 matches found

Code423n4
Code423n4
added 2022/07/08 12:0 a.m.17 views

Chainlink's latestRoundData (price) might return stale or incorrect result

Lines of code Vulnerability details JBChainlinkV3PriceFeed.sol we are using latestRoundData, but there is no check if the return value indicates stale data..Even though its only getting the price variable, the whole latestRoundData function gets returned and we cant just ignore it because the pri...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/04/19 12:0 a.m.16 views

Chainlink oracle might return stale data

Lines of code Vulnerability details Impact Oracle might return stale data for basePrice and quotePrice. Proof of Concept refreshedAssetPerBaseInUQ in ChainlinkPriceOracle.sol does not check if the data from Chainlink is fresh . If there is a problem with the Chainlink oracle, this contract may be...

7AI score
Exploits0
Code423n4
Code423n4
added 2021/12/20 12:0 a.m.11 views

PriceFeed ignores ChainLink roundId and will treat stale price as fresh

Handle hyh Vulnerability details Impact Stale 'carried over' price can be used for liquidations. This can cause various types of malfunctions and manipulated liquidations. For example, if a portfolio consists of two inversely correlated assets, which move in opposite directions most of the times,...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2021/08/08 12:0 a.m.8 views

User is still able to frontrun

Handle evertkors Vulnerability details Impact An attempt to solve front-running attacks by using the nextPrice model is not effective. Users are still able to execute a front-running attack as the time of the next price execution is arbitrary. The oracle is called at an arbitrary point in time...

7.2AI score
Exploits0
Rows per page
Query Builder