XO-getLatestPrice function allows attacker to get price of non-existent asset.
Summary
The getLatestPrice function does not check that the asset is a valid ERC20 token. An attacker could therefore call it with an address that does not refer to a valid ERC20 token, and the call would succeed.
Vulnerability Detail
The vulnerability is in the IOracle interface: its getLatestPrice function does not check that the asset is a valid ERC20 token, so a call with an address that does not refer to a valid ERC20 token succeeds.
Impact
The vulnerability can be exploited by an attacker who calls the getLatestPrice function with an address that does not refer to a valid ERC20 token.
This vulnerability allows an attacker to get the price of an asset that does not exist.
XDZIBEC
high
Tool used
Manual Review
Recommendation
getLatestPrice function to make sure that the asset is a valid ERC20 token.
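One way to apply the recommendation, as an added example rather than code from the audited project. An interface cannot contain checks, so the validation lives in the implementing contract. The `getLatestPrice(address)` signature, the `AllowlistedOracle` contract and its helper functions are assumptions, and "valid ERC20" is approximated by an owner-maintained allowlist plus a deployed-code check.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Assumed shape of the interface; the report does not show the real signature.
interface IOracle {
    function getLatestPrice(address asset) external view returns (uint256);
}

// Hypothetical implementation, written for this example only.
contract AllowlistedOracle is IOracle {
    error UnsupportedAsset(address asset);
    error NotAContract(address asset);
    error PriceNotSet(address asset);

    address public immutable owner;
    mapping(address => bool) public isSupported;      // assets the owner has registered
    mapping(address => uint256) private latestPrice;  // last price stored per asset

    constructor() {
        owner = msg.sender;
    }

    modifier onlyOwner() {
        require(msg.sender == owner, "not owner");
        _;
    }

    // Registration is where the asset is vetted: it must at least be deployed code.
    function addAsset(address asset) external onlyOwner {
        if (asset.code.length == 0) revert NotAContract(asset);
        isSupported[asset] = true;
    }

    function setPrice(address asset, uint256 price) external onlyOwner {
        if (!isSupported[asset]) revert UnsupportedAsset(asset);
        latestPrice[asset] = price;
    }

    // Reverts instead of returning a default 0 for an unknown or unpriced asset.
    function getLatestPrice(address asset) external view override returns (uint256) {
        if (!isSupported[asset]) revert UnsupportedAsset(asset);
        uint256 price = latestPrice[asset];
        if (price == 0) revert PriceNotSet(asset);
        return price;
    }
}
```

A code-size check alone does not prove ERC20 conformance, which is why the allowlist is the primary gate and callers get a revert rather than a silent zero.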