Unrated severityNVD Advisory· Published Jun 3, 2020· Updated Aug 5, 2024

CVE-2019-20809

Description

The price oracle in PriceOracle.sol in Compound Finance Compound Price Oracle 1.0 through 2.0 allows a price poster to set an invalid asset price via the setPrice function, and consequently violate the intended limits on price swings.

Affected products

Compound Finance/Compound Price Oracledescription
Compound Finance/Compound Price Oraclellm-create
Range: >=1.0, <=2.0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

privacylog.blogspot.com/2019/10/compound-finance-zero-day-prices-can.htmlmitrex_refsource_MISC

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000