Critical Findings


Manipulatable Price Oracle

Severity: Critical

Ecosystem: Binance Smart Chain

Protocol: AquaSwap

Auditor: MoveJay

Report: https://github.com/Jayfromthe13th/AuquaSwap-Audit-/blob/Wallet/Audit%20report.md

Report Date: July 2024

Description:

The contract determines the value of the liquidity token from the ratio of the tokens' liquidity sizes. An attacker can manipulate this ratio to drain the pool.


Improper Oracle Calculations

Severity: Critical

Ecosystem: Aptos

Protocol: Aries Markets

Auditor: OtterSec

Report: https://ottersec.notion.site/Sampled-Public-Audit-Reports-a296e98838aa4fdb8f3b192663400772

Report Date: Nov 2022

Description:

Pyth price calculations in oracle.move are performed incorrectly. The price should be multiplied by, not divided by, the magnitude.


Missing Slippage Checks

Severity: Critical

Ecosystem: Aptos

Protocol: Eternal Finance

Auditor: OtterSec

Report: https://ottersec.notion.site/Sampled-Public-Audit-Reports-a296e98838aa4fdb8f3b192663400772

Report Date: Jan 2023

Description:

get_lp_by_cake does not properly perform slippage checks against an oracle price when swapping assets.