compound-finance / open-oracle Goto Github PK

Issue

The current oracle implementation that the Compound Protocol uses which is deployed at 0x4007B71e01424b2314c020fB0344b03A7C499E1A returns a price value from getUnderlyingPrice() function when the zero address (0x00) is passed.

This issue however does not break any compound protocol functionality but still getting a price value for an invalid input is not ideal.

Cause

The reason for this issue seems to be due to the addition of TokenConfig for LINK, KNC and SNX tokens. These three configs were added without a cToken address value.

Resolution

The getUnderlyingPrice() function should check the validity of the input address variable (input should not be equal to 0x00).

Bulk vulnerability fix - Lockfile fix
This pull request will update your transitive dependencies within the allowed version intervals provided by your direct dependencies.

Fixed vulnerabilities:
CVE–2019–20149 debricked

CVE–2020–15366 debricked

CVE–2020–8244 debricked

CVE–2020–7751 debricked

CVE–2020–7788 debricked

debricked–124

debricked–149662

CVE–2020–28503 debricked

CVE–2021–23362 debricked

CVE–2021–23369 debricked

CVE–2021–23383 debricked

CVE–2021–23343 debricked

CVE–2021–33502 debricked

CVE–2021–32804 debricked

CVE–2021–32803 debricked

CVE–2021–37713 debricked

CVE–2021–37712 debricked

CVE–2021–37701 debricked

CVE–2021–3777 debricked

CVE–2021–3807 debricked

CVE–2021–3918 debricked

CVE–2022–0355 debricked

CVE–2022–3517 debricked

CVE–2022–24999 debricked

CVE–2022–38900 debricked

CVE–2022–25901 debricked

CVE–2022–25881 debricked

CVE–2022–38778 debricked

CVE–2023–26115 debricked

philipjonsen#18

Remember to give a star or donate for my work :)

Hi guys, great work, I am currently checking out the contracts code,

and wondering if it is better to have many if conditions like:

function getUnderlyingIndex(address underlying) internal view returns (uint) {
if (underlying == underlying00) return 0;
if (underlying == underlying01) return 1;
if (underlying == underlying02) return 2;
if (underlying == underlying03) return 3;
if (underlying == underlying04) return 4;
if (underlying == underlying05) return 5;
if (underlying == underlying06) return 6;
...

for underlying, symbols, cTokens
than having mappings like(pseudo-code here):

underlyingAddress => TokenConfig;
symbols => TokenConfig;
cTokenAddress => TokenConfig;

i mean using ifs means you will need to go through 0 - 5 to get the 06 index every time right?

I'm just green in solidity coding, so hoping to get some insights here.

Many thanks.

Hello
I am familiar with React, Next.js,Vue.js in frontend and solidity, rust and web3.js.
I would like to be member for team.

Hollidayseins

Maybe you can create a list of Reporters somewhere on compound.finance? I don't see any motivation or incentives for reporters, but at least it could be a vanity metric like "look at me I'm providing price feeds for Compound!"