High severity7.5NVD Advisory· Published Jun 3, 2020· Updated Jun 17, 2026
CVE-2019-20809
CVE-2019-20809
Description
The price oracle in PriceOracle.sol in Compound Finance Compound Price Oracle 1.0 through 2.0 allows a price poster to set an invalid asset price via the setPrice function, and consequently violate the intended limits on price swings.
Affected products
2- Compound Finance/Compound Price Oracledescription
- Range: 1.0 - 2.0
Patches
Vulnerability mechanics
References
1- privacylog.blogspot.com/2019/10/compound-finance-zero-day-prices-can.htmlnvdMitigationThird Party Advisory
News mentions
0No linked articles in our index yet.