SYM_SOL_0022 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki

Incorrect Calculation

| Property | Value |
| --- | --- |
| Language | solidity |
| Severity | medium |
| CWE | CWE-682: Incorrect Calculation |
| Confidence Level | Low |
| Impact Level | High |
| Likelihood Level | Medium |

Description

The price oracle calculates token prices based on current reserves and total supply, but does not protect against rapid manipulation (e.g., via flashloans). This allows attackers to temporarily skew prices and exploit the system before the calculation resets.

Impact

An attacker can use flashloans to artificially inflate or deflate asset prices, enabling theft of funds, draining of liquidity pools, or unfair arbitrage. This could lead to major financial losses and undermine trust in your smart contract or platform.
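
The following numeric model is an added example, not code from this database entry or from any audited contract. It compares a price computed from live reserves and total supply with a manipulation-resistant alternative. It assumes a constant-product pool (fee ignored) and the widely used "fair LP price" formula with reference prices from an independent feed; all function names and pool values are hypothetical and constructed for illustration.

```python
from math import sqrt

def swap_token1_in(r0, r1, amount_in):
    """Constant-product swap (x*y=k, fee ignored): deposit token1, withdraw token0."""
    k = r0 * r1
    new_r1 = r1 + amount_in
    return k / new_r1, new_r1

def naive_lp_price(r0, r1, supply):
    """Flagged pattern: value both sides at the pool's own spot price r1/r0."""
    spot = r1 / r0                      # token1 per token0, read from live reserves
    return (r0 * spot + r1) / supply    # LP price in token1 units

def fair_lp_price(r0, r1, supply, p0, p1):
    """Mitigation: 2*sqrt(r0*r1*p0*p1)/supply, with p0 and p1 from an independent feed."""
    return 2 * sqrt(r0 * r1 * p0 * p1) / supply

def spot_deviation(r0, r1, p0, p1):
    """Relative gap between the pool spot price and the reference price p0/p1."""
    ref = p0 / p1
    return abs(r1 / r0 - ref) / ref

def demo():
    # Constructed sample state: 1,000 token0, 2,000,000 token1, 10,000 LP tokens.
    r0, r1, supply = 1_000.0, 2_000_000.0, 10_000.0
    p0, p1 = 2_000.0, 1.0               # assumed reference prices, in token1 units
    before = (naive_lp_price(r0, r1, supply),
              fair_lp_price(r0, r1, supply, p0, p1))
    # One large same-block trade skews the reserves; total supply is unchanged.
    r0, r1 = swap_token1_in(r0, r1, 6_000_000.0)
    after = (naive_lp_price(r0, r1, supply),
             fair_lp_price(r0, r1, supply, p0, p1))
    return before, after, spot_deviation(r0, r1, p0, p1)

if __name__ == "__main__":
    before, after, dev = demo()
    print("naive before/after:", before[0], after[0])
    print("fair  before/after:", before[1], after[1])
    print("spot deviation from reference:", dev)
```

The reserve-derived price moves with the trade while the fair price does not, because the product of the reserves is unchanged by a swap. The deviation value is the kind of signal a contract can check against a tolerance before accepting a price.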