Real World Exploit

Price manipulation

Severity: Real World Exploit

Ecosystem: Sui

Protocol: Typus Finance

Auditor: blackhat

Report: https://medium.com/@TypusFinance/typus-finance-tlp-oracle-exploit-post-mortem-report-response-plan-ce2d0800808b

Report Date: Oct 2025

Description:

The technical cause was a missing assert check in the update_v2 function of the oracle module, found within this contract package. This flaw effectively bypassed the authorization check, allowing any address to update oracle prices.