2 matches found
pricePerShare might become stale and cause to lose user funds, as update is not enforced
Handle kenzo Vulnerability details In WrappedIbbtcEth, as the code says, updatePricePerShare must be called once in a while to ensure pricePerShare is up to date. However the contract is not enforcing or validating it in any way. If for example the external server that runs the periodic update...
WrappedIbbtcEth contract will use stalled price for mint/burn if updatePricePerShare wasn't run properly
Handle hyh Vulnerability details Impact Malicious user can monitor SetPricePerShare event and, if it was run long enough time ago and market moved, but, since there were no SetPricePerShare fired, the contract's pricePerShare is outdated, so a user can mint with pricePerShare that is current for...