4 matches found
Chainlink's latestRoundData (price) might return stale or incorrect result
Lines of code Vulnerability details JBChainlinkV3PriceFeed.sol we are using latestRoundData, but there is no check if the return value indicates stale data..Even though its only getting the price variable, the whole latestRoundData function gets returned and we cant just ignore it because the pri...
Chainlink oracle might return stale data
Lines of code Vulnerability details Impact Oracle might return stale data for basePrice and quotePrice. Proof of Concept refreshedAssetPerBaseInUQ in ChainlinkPriceOracle.sol does not check if the data from Chainlink is fresh . If there is a problem with the Chainlink oracle, this contract may be...
PriceFeed ignores ChainLink roundId and will treat stale price as fresh
Handle hyh Vulnerability details Impact Stale 'carried over' price can be used for liquidations. This can cause various types of malfunctions and manipulated liquidations. For example, if a portfolio consists of two inversely correlated assets, which move in opposite directions most of the times,...
User is still able to frontrun
Handle evertkors Vulnerability details Impact An attempt to solve front-running attacks by using the nextPrice model is not effective. Users are still able to execute a front-running attack as the time of the next price execution is arbitrary. The oracle is called at an arbitrary point in time...