Core Contracts

Regnum Aurum Acquisition Corp
Hardhat, Real World Assets, NFT
77,280 USDC
Submission Details
Severity: medium
Valid

LendingPool: Does not check for stale prices of NFT

Summary

The getNFTPrice function in the LendingPool contract reads the oracle's last-update timestamp but never checks it, so a stale price is accepted as long as it is non-zero.

In addition, the price oracle keeps a single lastUpdateTimestamp shared by all tokens, so updating any one token's price refreshes the timestamp for every token. Even a consumer that did check the timestamp could not tell that a particular token's price is outdated. Loans can therefore be opened, valued, or escape liquidation on the basis of a price that no longer reflects the asset, which can cause financial loss to the protocol or its users.

Vulnerability Details

```solidity
function getNFTPrice(uint256 tokenId) public view returns (uint256) {
    // lastUpdateTimestamp is read but never validated
    (uint256 price, uint256 lastUpdateTimestamp) = priceOracle.getLatestPrice(tokenId);
    if (price == 0) revert InvalidNFTPrice();
    return price;
}
```

In RAACHousePrice.getLatestPrice:

```solidity
// One timestamp for the whole oracle, not one per tokenId
uint256 public lastUpdateTimestamp;

function getLatestPrice(
    uint256 _tokenId
) external view returns (uint256, uint256) {
    return (tokenToHousePrice[_tokenId], lastUpdateTimestamp);
}
```

Impact

NFT collateral is valued with stale prices, so borrowing limits and liquidation thresholds can be computed against a price that no longer reflects the asset.

Tools Used

VS Code, manual review

Recommendations

Record an update timestamp per tokenId in the oracle, return it from getLatestPrice, and have getNFTPrice() revert when the timestamp is older than an acceptable maximum age.
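The following is an added example of that recommendation, not code from the RAAC project: the oracle stamps each tokenId separately, and the consumer rejects a price whose timestamp is older than a configurable bound. The names updater, setHousePrice, MAX_PRICE_AGE and StaleNFTPrice are assumptions for illustration; only getLatestPrice, getNFTPrice, tokenToHousePrice and InvalidNFTPrice come from the finding above.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

// Added example, not the project's code. Names other than getLatestPrice,
// getNFTPrice, tokenToHousePrice and InvalidNFTPrice are assumptions.
contract HousePriceOracleExample {
    address public immutable updater;                        // assumed: single trusted price setter
    mapping(uint256 => uint256) public tokenToHousePrice;
    mapping(uint256 => uint256) public lastUpdateTimestamp;  // per tokenId, not a global value

    event PriceUpdated(uint256 indexed tokenId, uint256 price, uint256 timestamp);

    error NotUpdater();
    error ZeroPrice();

    constructor(address _updater) {
        updater = _updater;
    }

    // Assumed setter: stamps only the token whose price actually changed.
    function setHousePrice(uint256 _tokenId, uint256 _price) external {
        if (msg.sender != updater) revert NotUpdater();
        if (_price == 0) revert ZeroPrice();
        tokenToHousePrice[_tokenId] = _price;
        lastUpdateTimestamp[_tokenId] = block.timestamp;
        emit PriceUpdated(_tokenId, _price, block.timestamp);
    }

    function getLatestPrice(uint256 _tokenId) external view returns (uint256, uint256) {
        return (tokenToHousePrice[_tokenId], lastUpdateTimestamp[_tokenId]);
    }
}

interface IHousePriceOracle {
    function getLatestPrice(uint256 _tokenId) external view returns (uint256, uint256);
}

contract LendingPoolPricingExample {
    IHousePriceOracle public immutable priceOracle;
    // Assumed bound; tune to how often the oracle is actually refreshed.
    uint256 public constant MAX_PRICE_AGE = 1 days;

    error InvalidNFTPrice();
    error StaleNFTPrice(uint256 tokenId, uint256 lastUpdate, uint256 maxAge);

    constructor(IHousePriceOracle _oracle) {
        priceOracle = _oracle;
    }

    function getNFTPrice(uint256 tokenId) public view returns (uint256) {
        (uint256 price, uint256 updatedAt) = priceOracle.getLatestPrice(tokenId);
        if (price == 0) revert InvalidNFTPrice();
        // Reject a price that has not been refreshed within MAX_PRICE_AGE.
        // Using addition avoids an underflow revert if updatedAt were ever
        // ahead of block.timestamp; a never-set token already failed above.
        if (updatedAt + MAX_PRICE_AGE < block.timestamp) {
            revert StaleNFTPrice(tokenId, updatedAt, MAX_PRICE_AGE);
        }
        return price;
    }
}
```

Reverting rather than returning a stale value is deliberate: a lending pool that silently falls back to an old price keeps accepting collateral and blocking liquidations during exactly the price drops the judge's tag describes. If the pool must stay usable while the oracle is down, that decision belongs in a separate, explicit pause path, not in the pricing function.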

Updates

Lead Judging Commences

inallhonesty Lead Judge about 1 month ago
Submission Judgement Published
Validated
Assigned finding tags:

LendingPool::getNFTPrice or getPrimeRate doesn't validate timestamp staleness despite claiming to, allowing users to exploit outdated collateral values during price drops