5 matches found
Upgraded Q -> 2 from #385 [1699029474432]
Judge has assessed an item in Issue 385 as 2 risk. The relevant finding follows: L-03 UniV3Relayer contract works only with tokens of decimals = 18 Details When the UniV3Relayer contract is deployed; the multiplier state variable that’s going to be used to parse the price result from the aggregat...
Upgraded Q -> 2 from #430 [1699028562977]
Judge has assessed an item in Issue 430 as 2 risk. The relevant finding follows: It’s not clear which token the OD token will be paired with in order to determine the price in the uniV3Relayer contract. Then the following lines are problematic: baseAmount = uint12810...
Upgraded Q -> 2 from #221 [1699029747725]
Judge has assessed an item in Issue 221 as 2 risk. The relevant finding follows: L-02 Handling missing for case where ERC20 token has decimal 18 in CamelotRelayer & UniV3Relayer oracles Description In the constructor token decimals of an ERC20 is assumed to be = 18 which can be wrong for some...
TWAP can lead to loss of manipulation of price
Lines of code Vulnerability details Impact There are tradeoffs when choosing the length of the period of time to calculate a TWAP. Longer periods are better to protect against price manipulation, but come at the expense of a slower, and potentially less accurate, price. Proof of Concept Both the...
Rounding Bug in OracleLibrary.consult Impacting Pricing Accuracy and User Costs
Lines of code Vulnerability details Impact The rounding bug in the OracleLibrary.consult function has a significant impact on applications that rely on this function for price calculations, especially those involving asset swaps, collateral valuation, or other financial transactions. The bug caus...