Core Contracts

Regnum Aurum Acquisition Corp
Hardhat, Real World Assets, NFT
77,280 USDC
Submission Details
Severity: medium
Valid

Lack of Staleness Check to Validate the Price of an NFT

Summary

NFT prices are updated at an interval, and when a price is fetched it is supposed to be validated against its update time to ensure it is not stale. The LendingPool, however, does not validate the staleness of an NFT price, allowing users to use stale prices for NFT price operations.

Vulnerability Details

Lack of staleness check in the getNFTPrice function:

/**
@audit>>  * @notice Gets the current price of an NFT from the oracle
 * @param tokenId The token ID of the NFT
 * @return The price of the NFT
 *
@audit>>  * Checks if the price is stale // bug wahala we no even check if my uncle is stale
 */
function getNFTPrice(uint256 tokenId) public view returns (uint256) {
@audit>>    (uint256 price, uint256 lastUpdateTimestamp) = priceOracle.getLatestPrice(tokenId); // BUG: lastUpdateTimestamp is never checked
@audit>>    if (price == 0) revert InvalidNFTPrice();
@audit>>    return price;
}

In the IRAACHousePrices interface there is a MAX_PRICE_AGE that applies to all NFT tokens:

// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

interface IRAACHousePrices {
    function tokenToHousePrice(uint256 _tokenId) external view returns (uint256);
    function oracle() external view returns (address);
    function lastUpdateTimestamp() external view returns (uint256);
    function UPDATE_INTERVAL() external view returns (uint256);
@audit>>>   function MAX_PRICE_AGE() external view returns (uint256); // note: MAX_PRICE_AGE should be checked when the price is used; it may matter less during liquidation, but borrowing must be against an accurate, recent price
    function tokenLastUpdateTimestamp(uint256 _tokenId) external view returns (uint256);
    event PriceUpdated(uint256 indexed tokenId, uint256 newPrice);
    function setOracle(address _oracle) external;
    function updatePriceFromOracle(uint256 _tokenId, uint256 _newPrice) external;
@audit>>>   function getLatestPrice(uint256 _tokenId) external view returns (uint256, uint256);
    function setHousePrice(uint256 _tokenId, uint256 _amount) external;
}

Impact

Stale prices are used for borrowing, deposits and withdrawals.

Tools Used

Manual Review

Recommendations

Validate the age of the NFT price (block.timestamp minus the lastUpdateTimestamp returned by getLatestPrice) against MAX_PRICE_AGE and revert when the price is stale.
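One way to implement the recommended check, as an added example that is not part of the submission or the RAAC code base. It assumes only the getLatestPrice and MAX_PRICE_AGE members of the interface above; the StaleNFTPrice error and the MockHousePrices test double are hypothetical names constructed for this example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

// Subset of IRAACHousePrices needed for the staleness check (assumed from the interface above).
interface IHousePricesSubset {
    function getLatestPrice(uint256 _tokenId) external view returns (uint256 price, uint256 lastUpdateTimestamp);
    function MAX_PRICE_AGE() external view returns (uint256);
}

contract NFTPriceConsumer {
    IHousePricesSubset public immutable priceOracle;

    error InvalidNFTPrice();
    // Hypothetical error, not in the original contract: carries the data a caller needs to diagnose the revert.
    error StaleNFTPrice(uint256 tokenId, uint256 lastUpdateTimestamp, uint256 maxPriceAge);

    constructor(address oracle) {
        priceOracle = IHousePricesSubset(oracle);
    }

    /// @notice Current NFT price; reverts if the oracle value is zero or older than MAX_PRICE_AGE.
    function getNFTPrice(uint256 tokenId) public view returns (uint256) {
        (uint256 price, uint256 lastUpdateTimestamp) = priceOracle.getLatestPrice(tokenId);
        if (price == 0) revert InvalidNFTPrice();

        uint256 maxAge = priceOracle.MAX_PRICE_AGE();
        // A timestamp of 0 (never updated) fails the age check; a timestamp in the future is rejected
        // explicitly instead of relying on the checked-arithmetic underflow revert.
        if (lastUpdateTimestamp > block.timestamp || block.timestamp - lastUpdateTimestamp > maxAge) {
            revert StaleNFTPrice(tokenId, lastUpdateTimestamp, maxAge);
        }
        return price;
    }
}

// Test double (constructed for this example): returns a settable price and timestamp with a 1-hour MAX_PRICE_AGE.
contract MockHousePrices is IHousePricesSubset {
    uint256 private _price;
    uint256 private _ts;

    function set(uint256 price, uint256 ts) external { _price = price; _ts = ts; }
    function MAX_PRICE_AGE() external pure returns (uint256) { return 1 hours; }
    function getLatestPrice(uint256) external view returns (uint256, uint256) { return (_price, _ts); }
}
```

In a Hardhat test, call `set(price, block.timestamp - 2 hours)` on the mock and expect `getNFTPrice` to revert with StaleNFTPrice, while a timestamp within the last hour returns the price.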

Updates

Lead Judging Commences

inallhonesty Lead Judge 4 months ago
Submission Judgement Published
Validated
Assigned finding tags:

LendingPool::getNFTPrice or getPrimeRate doesn't validate timestamp staleness despite claiming to, allowing users to exploit outdated collateral values during price drops