Unrestricted Oracle Price Update

Description

The function to update oracle price data is not restricted, allowing anyone to submit updates.

Examples

Insecure Code

solidity

function setOracleData(...) public {...}

Secure Code

solidity

function setOracleData(...) onlyOwner {...}

Remediation

Add access control modifiers such as 'onlyOwner' or 'onlySybil' to restrict access to the oracle price update function.

Rule Details

Field	Value
ID	CODE-0259
Category	AccessControl
Severity	CRITICAL
CWE	CWE-284
Confidence	LOW
Impact	HIGH
Likelihood	HIGH
Exploitability	EASY
Tags	oracle, price, update, access control
OWASP	N/A

References

https://twitter.com/CertiKAlert/status/1514831117169405953
https://bscscan.com/address/0xd55f01b4b51b7f48912cd8ca3cdd8070a1a9dba5
https://twitter.com/BlockSecTeam/status/1514815673800663045
https://polygonscan.com/address/0xaA5890362f36FeaAe91aF248e84e287cE6eCD1A9
https://medium.com/@hacxyk/aave-v3s-price-oracle-manipulation-vulnerability-168e44e9e374

Overview

SAST (Application Security)

SCA (Dependencies)

Secrets Detection

IaC Security

License Compliance

SAST Rules

IaC Rules

License Rules

Unrestricted Oracle Price Update

Description

Examples

Insecure Code

Secure Code

Remediation

Rule Details

References

SAST Rules

IaC Rules

License Rules

Unrestricted Oracle Price Update ​

Description ​

Examples ​

Insecure Code ​

Secure Code ​

Remediation ​

Rule Details ​

References ​

Unrestricted Oracle Price Update

Description

Examples

Insecure Code

Secure Code

Remediation

Rule Details

References