10 matches found
Staleness Vulnerability in chainlinkAdaptor's getAssetPrice function
Lines of code Vulnerability details Impact The current implementation of the getAssetPrice function in the chainlinkAdaptor contract lacks a crucial check for the heartbeat of the data feed, introducing a potential risk of consuming stale data. This issue is exacerbated by the fact that different...
Incorrect Accrual Of sumNative and sumUSD In Producing Consultation Results
Handle leastwood Vulnerability details Vulnerability details Impact The TwapOracle.consult function iterates over all token pairs which belong to either VADER or USDV and then calculates the price of the respective asset by using both UniswapV2 and Chainlink price data. This helps to further...
Unbounded loops
Handle pauliax Vulnerability details Impact There are several loops in the contract which can eventually grow so large as to make future operations of the contract cost too much gas to fit in a block. Specifically, in contract TwapOracle there is no upper boundary on how many pairs can be...
Newly Registered Assets Skew Consultation Results
Handle leastwood Vulnerability details Impact The TwapOracle.consult function iterates over all token pairs which belong to either VADER or USDV and then calculates the price of the respective asset by using both UniswapV2 and Chainlink price data. This helps to further protect against price...
TWAPOracle might register with wrong token order
Handle cmichel Vulnerability details The TWAPOracle.registerPair function takes in a factory and token0, token1. The function accepts a factory argument which means any Uniswap-like factory can be used. When using the actual Uniswap factory's IUniswapV2Factoryfactory.getPairtoken0, token1 call, i...
TWAPOracle.getRate does not scale the ratio
Handle cmichel Vulnerability details The TWAPOracle.getRate function simply performs an integer division to compute the rate. function getRate public view returns uint256 result uint256 tUSDInUSDV = consultUSDV; uint256 tUSDInVader = consultVADER; // @audit shouldn't this scale by 1e18 first?...
Lacking Validation Of Chainlink' Oracle Queries
Handle leastwood Vulnerability details Impact TwapOracle.consult is missing additional validations to ensure that the round is complete and has returned a valid/expected price. The consult improperly casts an int256 price to uint256 without first checking the value. As a result, the variable may...
Should a Chainlink aggregator become stuck in a stale state then TwapOracle will become irrecoverably broken
Handle TomFrench Vulnerability details Impact Inability to call consult on the TwapOracle and so calculate the exchange rate between USDV and VADER. Proof of Concept Should any of the Chainlink aggregators used by the TwapOracle becomes stuck in such a state that the check on L143-146 of...
Permissioned nature of TwapOracle allows owner to manipulate oracle
Handle TomFrench Vulnerability details Impact Potentially frozen or purposefully inaccurate USDV:VADER price feed. Proof of Concept Only the owner of TwapOracle can call update on the oracle. Should the owner desire they could cease calling update on the oracle for a period. Over this period the...
Unbounded loop in TwapOracle.update can result in oracle being locked
Handle TomFrench Vulnerability details Impact Loss of ability of TwapOracle to update should too many pools be added. Proof of Concept TwapOracle allows an unlimited number of pairs to be added and has no way of removing pairs after the fact. At the same time TwapOracle.update iterates through al...