Lucene search
K

21 matches found

Code423n4
Code423n4
added 2023/09/14 12:0 a.m.10 views

The price update timestamp doesn't get checked, allowing for the use of stale prices

Lines of code Vulnerability details Impact It allows for the use of stale prices in cases where they will either damage the protocol or the user. Proof of Concept The protocol has a price oracle system where the price gets updated by an account with a privileged role by calling updatePrice...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2023/06/09 12:0 a.m.71 views

Chainlink's latestRoundData might return stale or incorrect results

Lines of code Vulnerability details Impact The getPORFeedData function in the contract StaderOracle.sol fetches the asset price from a Chainlink aggregator using the latestRoundData function. However, there are no checks on roundID, resulting in stale prices. The oracle wrapper calls out to a...

6.6AI score
Exploits0
Code423n4
Code423n4
added 2023/03/26 12:0 a.m.9 views

Upgraded Q -> 3 from #88 [1679874647648]

Judge has assessed an item in Issue 88 as 3 risk. The relevant finding follows: L-2 Invalid and stale prices from Synthethix are not validated --- The text was updated successfully, but these errors were encountered: All reactions...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2022/11/10 12:0 a.m.8 views

[NAZ-M2] Lack of Price Freshness Check In Oracle.sol#latestRoundData() Allows A Stale Price To Be Used

Lines of code Vulnerability details Impact Oracle.sol should use the updatedAt value from the Oracle.sollatestRoundData function to make sure that the latest answer is recent enough to be used. Proof of Concept In the current implementation of Oracle.sollatestRoundData, there is no freshness chec...

6.6AI score
Exploits0
Code423n4
Code423n4
added 2022/09/19 12:0 a.m.6 views

Chainlink's latestRoundData might return stale or incorrect results

Lines of code Vulnerability details Impact On Controller.sol and in PegOracle.sol we are using latestRoundData, but there is no check if the return value indicates stale data. This could lead to stale prices according to the Chainlink documentation: Proof of Concept Tools Used Visual Inspection...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/08/17 12:0 a.m.15 views

No Return Data Checks on Chainlink's latestRoundData() Might Return Stale Prices

Lines of code Vulnerability details Impact The updateExchangeRate function of FraxlendPairCore contract gets price using chainlink latestRoundData function. However it lacks the check on the return data and this might lead to stale prices. Proof of Concept ./FraxlendPairCore.sol:524: , int256...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2022/07/08 12:0 a.m.7 views

Chainlink's latestRoundData might return stale or incorrect results

Lines of code Vulnerability details Impact Chainlink's latestRoundData might return stale or incorrect results Proof of Concept According to Chainlink documentation, there must be a check for stale prices. It's a link of the same issue. Tools Used Solidity Visual Developer of VSCode Recommended...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/07/08 12:0 a.m.11 views

CHAINLINK’S LATESTROUNDDATA MIGHT RETURN STALE OR INCORRECT RESULTS

Lines of code Vulnerability details Impact This could lead to stale prices according to the Chainlink documentation: Proof of Concept On JBChainlinkV3PriceFeed.sol, we are using latestRoundData, but there is no check if the return value indicates stale data. function currentPriceuint256 decimals...

6.6AI score
Exploits0
Code423n4
Code423n4
added 2022/05/07 12:0 a.m.10 views

Oracle Prices Could Be Stale Or Manipulated due to latestAnswer() call

Lines of code Vulnerability details Impact In calls to the Chainlink oracle, the deprecated API function latestAnswer is used. This approach is vulnerable to price manipulation and stale prices according to the Chainlink documentation. This vulnerability was marked as Medium severity in the...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2022/05/02 12:0 a.m.14 views

GUniLPOracle can provide stale prices

Lines of code Vulnerability details As stale price is determined by assetUpdatedAt, which is the time since last timestamp, the price that is most recent, but wasn't updated for more than threshold, will be rejected, which makes system unavailable in such a case. In the same time real stale price...

6.5AI score
Exploits0
Code423n4
Code423n4
added 2022/04/21 12:0 a.m.6 views

Insufficient oracle data feed validation

Lines of code Vulnerability details Impact Stale prices can lead to the incorrect valuation of assets Proof of Concept The code does not check the other data returned from latestRoundData which must be used to ensure that the data is not stale and that the price is valid File:...

7.1AI score
Exploits0
Code423n4
Code423n4
added 2022/04/13 12:0 a.m.5 views

Oracle Prices Used Could Be Stale Or Manipulated due to latestAnswer() call

Lines of code Vulnerability details Impact In the various calls to the Chainlink oracle, the deprecated API function latestAnswer is used. This approach is vulnerable to price manipulation and stale prices according to the Chainlink documentation. This vulnerability was marked as Medium severity ...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2022/03/09 12:0 a.m.14 views

[WP-H3] money-market-contracts/oracle#feed_prices() delayed transaction may disrupt price feeds

Lines of code Vulnerability details The implementation only takes two attributes: asset and price. And the lastupdatedtime of the record will always be set to the current block.time. This makes it possible for the price feeds to be disrupted when the network is congested, or the endpoint is down...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2022/01/30 12:0 a.m.12 views

Cvx3CrvOracle does not check that Chainlink data is fresh.

Handle TomFrenchBlockchain Vulnerability details Impact Usage of stale prices when querying chainlink oracles. Proof of Concept Cvx3CrvOracle queries chainlink oracles for the prices of DAI, USDC and USDT, however it doesn't require that the response is fresh by checking which round the answer wa...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2022/01/30 12:0 a.m.6 views

Chainlink's latestRoundData might return stale results

Handle WatchPug Vulnerability details function peek bytes6 base, bytes6 quote, uint256 baseAmount private view returns uint256 quoteAmount, uint256 updateTime require base == ethId && quote == cvx3CrvId || base == cvx3CrvId && quote == ethId, "Invalid quote or base" ; , int256 daiPrice, , , =...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2021/12/18 12:0 a.m.6 views

SHOULD CHECK RETURN DATA FROM CHAINLINK AGGREGATORS

Handle defsec Vulnerability details Impact The latestRoundData function in the contract PriceFeed.sol fetches the asset price from a Chainlink aggregator using the latestRoundData function. However, there are no checks on roundID. Stale prices could put funds at risk. According to Chainlink's...

6.6AI score
Exploits0
Code423n4
Code423n4
added 2021/10/27 12:0 a.m.11 views

ChainLink price data could be stale

Handle cmichel Vulnerability details There is no check in ChainlinkAdapterEth.getPrice if the return values indicate stale data. This could lead to stale prices according to the Chainlink documentation: under current notifications: "if answeredInRound roundId could indicate stale data." under...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2021/08/11 12:0 a.m.7 views

OracleManagerChainlink price data could be stale

Handle cmichel Vulnerability details There is no check in OracleManagerChainlink.getLatestPrice if the return values indicate stale data. This could lead to stale prices according to the Chainlink documentation: under current notifications: "if answeredInRound roundId could indicate stale data."...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2021/08/11 12:0 a.m.10 views

OracleManagerEthKillerChainlink price data could be stale

Handle cmichel Vulnerability details There is no check in OracleManagerEthKillerChainlink.getLatestPrice if the return values indicate stale data. This could lead to stale prices according to the Chainlink documentation: under current notifications: "if answeredInRound roundId could indicate stal...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2021/08/11 12:0 a.m.8 views

OracleManagerEthVsBtc price data could be stale

Handle cmichel Vulnerability details There is no check in OracleManagerEthVsBtc.getLatestPrice if the return values indicate stale data. This could lead to stale prices according to the Chainlink documentation: under current notifications: "if answeredInRound roundId could indicate stale data."...

6.8AI score
Exploits0
Rows per page
Query Builder