5 matches found
Use of slot0 to get sqrtPriceLimitX96 can lead to price manipulation
Lines of code Vulnerability details Impact The contracts functions have used UniswapV3.slot0 to get the value of sqrtPriceX96 which it use to perform the swap, however the sqrtPriceX96 gotten from Uniswap.slot0 is the most recent data point and can be manipulated easily via MEV bots & Flashloans...
Reth deposit conditionally relies on unreliable price source.
Lines of code Vulnerability details Impact Deposits are exposed to unnecessary risk by using Uni v3 Weth/Reth Pool as an oracle. It is also possible for staking to be inoperable due to over/underflow. Proof of Concept In the event of !poolCanDepositmsg.value in Reth.sol deposit, this derivative...
Unsafe downcasting in TWA.sol truncate TWAP price
Lines of code Vulnerability details Impact Unsafe casting operation in TWA.sol truncation price. Proof of Concept the pool relies on the TWAP price to function properly, however, the code in TWA.sol sliently downcasting the price, which can truncate the price and affect user's trading unexpectedl...
Improper Validation Of Chainlink's latestRoundData() Function
Lines of code Vulnerability details Impact The calls to the latestRoundData function do not validate the output of the Chainlink oracle query. As a result, it is possible to use stale results when returning the TWAP price. latestRoundData is able to ensure the round is complete and has returned a...
Price feed can be manipulated
Vulnerability details Anyone can trigger an update to the price feed by calling PriceAware.getCurrentPriceInPegtoken, inAmount, forceCurBlock=true. If the update window has passed, the price will be computed by simulating a Uniswap-like trade with the amounts. This simulation uses the reserves of...