Lucene search
K

22 matches found

Code423n4
Code423n4
added 2023/11/15 12:0 a.m.12 views

getAssetPrice in ChainlinkPriceOracle.sol can return stale price.

Lines of code Vulnerability details Summary On chainlink oracle for every pair of tokens price updating time is different. After that particular time the price will be updated. getAssetPrice function is not checking when the last time the price was updated. So it may return stale price . So the...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2023/11/15 12:0 a.m.9 views

latestRoundData recommendation does not have consideration for stale price

Lines of code Vulnerability details Impact The issue is highlighted in the bot L-2 finding but fail to highlight the importance for checking stale price. The ChainlinkPriceOracle when calls out to a Chainlink oracle receiving using the recommended latestRoundData it can get stale price, if there ...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2023/09/27 12:0 a.m.9 views

Users can deposit() even when Chainlink's price feed for CVX is stale

Lines of code Vulnerability details Bug Description In VotiumStrategy.sol, the price of vAfEth is determined by the price function: VotiumStrategy.solL31-L33 function price external view override returns uint256 return cvxPerVotium ethPerCvxfalse / 1e18; As seen from above, it calls ethPerCVX wit...

7AI score
Exploits0
Code423n4
Code423n4
added 2023/09/25 12:0 a.m.8 views

Stale cvx price can be used while depositing

Lines of code Vulnerability details Impact Stale cvx price can be used while depositing Proof of Concept When user deposits, then price of afEth token is calculated. It's needed to know how many tokens user will receieve. This price consists of safEth price and vEth price. This is how price is...

7AI score
Exploits0
Code423n4
Code423n4
added 2023/09/07 12:0 a.m.10 views

Reorgs could revert the setRange function and lead to a long lasting stale price of USDY

Lines of code Vulnerability details Summary Reorgs could revert the setRange function and therefore lead to stale prices for a long time depending on the off chain protection, against it Vulnerability Details Here is the setRange function of the USDY price oracle: function setRange uint256...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2023/08/07 12:0 a.m.15 views

Not Checking For Stale Price

Lines of code Vulnerability details Impact Oracle data feed is insufficiently validated. There is no check for stale price and round completeness. Price can be stale and can lead to wrong price return value Proof of Concept /// @notice Get the price for the latest available round of a feed ///...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2023/03/07 12:0 a.m.8 views

Incorrect Price-Feed Failsafe System

Lines of code https://github...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2022/12/16 12:0 a.m.11 views

Chainlink price feed is not sufficiently validated and can return stale price

Lines of code Vulnerability details Impact As mentioned by , "Prices provided by the oracle network are also compared to Chainlink's public price feeds for additional security. If prices have more than a 2% difference the transaction is reverted." The Chainlink price verification logic in the...

6.6AI score
Exploits0
Code423n4
Code423n4
added 2022/11/10 12:0 a.m.9 views

Oracle’s price is not checked for staleness

Lines of code Vulnerability details Proof of Concept The code makes use of Chainlink’s latestRoundData method but it does no validations on the input from it. The protocol has handling for price that is negative or zero in the methods that call getLatestAnswer but it is missing a check for...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2022/10/30 12:0 a.m.21 views

Chainlink oracle data feed is not sufficiently validated and can return stale price

Lines of code Vulnerability details Impact Calling the Oracle contract's viewPrice or getPrice function executes uint price = feedstoken.feed.latestAnswer and requireprice 0, "Invalid feed price". Besides that Chainlink's latestAnswer function is deprecated, only verifying that price 0 is true is...

6.4AI score
Exploits0
Code423n4
Code423n4
added 2022/10/30 12:0 a.m.10 views

Using deprecated Chainlink function latestAnswer could result in wrong borrowing power

Lines of code Vulnerability details Impact The Oracle contract is used to get the latest price for the users collateral tokens, but the functions getPrice and viewPrice use a deprecated Chainlink function latestAnswer to get the price of a given token as it's mentionned here, this function does n...

6.5AI score
Exploits0
Code423n4
Code423n4
added 2022/07/08 12:0 a.m.7 views

Chainlink's latestRoundData might return stale or incorrect results

Lines of code Vulnerability details Proof of Concept JBChainlinkV3PriceFeedcurrentPrice function currentPriceuint256 decimals external view override returns uint256 // Get the latest round information. Only need the price is needed. , int256 price, , , = feed.latestRoundData; // Get a reference t...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2022/07/08 12:0 a.m.15 views

Missing checks on return data from the chainlink

Lines of code Vulnerability details Impact MED - the function of the protocol could be impacted 1. Use stale price information resulting to wrong project's balance 2. In the case of zero price, functions using price information will revert. Proof of Concept // JBPrices::priceFor at line 69 calls...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2022/07/08 12:0 a.m.11 views

Insufficient oracle validation

Lines of code Vulnerability details Impact Oracle my return stale price. Proof of Concept Round completeness and the quoted timestamp are not checked to ensure that the reported price is not stale. roundId, startedAt, updatedAt, and answeredInRound are omitted from the return result of...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2022/04/27 12:0 a.m.9 views

ChainlinkOracleProvider can provide zero and stale prices

Lines of code Vulnerability details Impact As stale price is determined by time since last timestamp, the price that is most recent, but wasn't updated for more than 2 hours say there were no trades on the market will be rejected, which makes system functionality unavailable in such a case. This...

6.6AI score
Exploits0
Code423n4
Code423n4
added 2022/04/21 12:0 a.m.7 views

basePrice and quotePrice values are insufficiently validated

Lines of code Vulnerability details Impact The oracle data feed basePrice and quotePrice in refreshedAssetPerBaseInUQ of ChainlinkPriceOracle.sol will be stale which results in wrong basePrice value and quotePrice value. Proof of Concept In refreshedAssetPerBaseInUQ function, it calls...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2022/04/19 12:0 a.m.11 views

latestRoundData data insufficiently validated

Lines of code Vulnerability details Impact The data returned by the Chainlink latestRoundData function may be stale. There should be checks applied on the data received from Chainlink to validate that it is not stale. Proof of Concept The ChainlinkPriceOracle contract has these two lines , int...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2022/04/12 12:0 a.m.8 views

Usage of deprecated Chainlink's latestAnswer function

Lines of code Vulnerability details Impact Contract NFTVault.sol uses Chainlink's latestAnswer as an oracle for prices of multiple assets. This function will return the last value, but it is not possible to check if the provided data is fresh. In addition latestAnswer has been marked as deprecate...

7AI score
Exploits0
Code423n4
Code423n4
added 2022/01/30 12:0 a.m.11 views

Oracle data feed is insufficiently validated.

Handle throttle Vulnerability details Impact Price can be stale and can lead to wrong quoteAmount return value Proof of Concept Oracle data feed is insufficiently validated. There is no check for stale price and round completeness. Price can be stale and can lead to wrong quoteAmount return value...

7AI score
Exploits0
Code423n4
Code423n4
added 2022/01/29 12:0 a.m.10 views

Chainlink oracle query in _validateOrder does not check that response is fresh

Handle TomFrenchBlockchain Vulnerability details Impact Potential for TreasuryManager to use a stale price to calculate the slippage limit, allowing unacceptable slippage relative to if the price feed was current. Proof of Concept EIP1271Wallet queries Chainlink for the most recent price for...

6.8AI score
Exploits0
Rows per page
Query Builder