SYM_SOL_0006 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki

Incorrect Calculation

| Property | Value |
| --- | --- |
| Language | solidity |
| Severity | high |
| CWE | CWE-682: Incorrect Calculation |
| Confidence Level | High |
| Impact Level | High |
| Likelihood Level | Low |

Description

Using Keep3rV2.current() to fetch price data exposes your contract to oracle manipulation, as an attacker only needs to alter two data points to influence the reported value. This makes the price feed unreliable for critical operations like swaps, lending, or liquidations.
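
The flagged call beside a more conservative way to read the same oracle, as an added example that is not from this wiki or from the Keep3r project. The interface signatures, the `quote()` averaging call, the contract name, and the `POINTS` and `MAX_AGE` values are assumptions to confirm against the oracle you actually integrate.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Assumed shape of the Keep3rV2 oracle interface; verify against the deployed contract.
interface IKeep3rV2Oracle {
    function current(address tokenIn, uint256 amountIn, address tokenOut)
        external view returns (uint256 amountOut, uint256 lastUpdatedAgo);

    function quote(address tokenIn, uint256 amountIn, address tokenOut, uint256 points)
        external view returns (uint256 amountOut, uint256 lastUpdatedAgo);
}

// Hypothetical consumer contract used only for illustration.
contract PriceConsumer {
    IKeep3rV2Oracle public immutable oracle;

    uint256 public constant POINTS = 8;         // assumed number of observations to average
    uint256 public constant MAX_AGE = 1 hours;  // assumed staleness bound

    constructor(IKeep3rV2Oracle _oracle) {
        oracle = _oracle;
    }

    // Flagged pattern: the value comes from the most recent observation window only,
    // and the freshness value returned by the oracle is discarded.
    function priceFlagged(address tokenIn, uint256 amountIn, address tokenOut)
        external view returns (uint256 amountOut)
    {
        (amountOut, ) = oracle.current(tokenIn, amountIn, tokenOut);
    }

    // More conservative read: average across several observations so that a single
    // distorted window carries less weight, and refuse stale or zero results.
    function priceHardened(address tokenIn, uint256 amountIn, address tokenOut)
        external view returns (uint256 amountOut)
    {
        uint256 age;
        (amountOut, age) = oracle.quote(tokenIn, amountIn, tokenOut, POINTS);
        require(age <= MAX_AGE, "oracle: stale observation");
        require(amountOut > 0, "oracle: zero price");
    }
}
```

Averaging over more observations raises the cost of distorting the feed but does not eliminate it; swaps, lending and liquidation paths may still warrant a cross-check against an independent price source.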

Impact

If exploited, an attacker could manipulate token prices within your contract, leading to financial losses such as draining funds, executing unfair trades, or triggering unintended liquidations. This could compromise user funds and damage trust in your application.