The LendingPool::getNFTPrice() function is intended to fetch the current price of an NFT from the oracle and check whether that price is stale. However, the function never performs the staleness check that its own comments call for. This omission can lead to inaccurate collateral valuation, causing protocol bad debt or unfair liquidations.
The getNFTPrice() function retrieves the latest price and its timestamp from the oracle but does not validate whether the price is stale, i.e., whether lastUpdateTimestamp falls within an acceptable time window relative to the current block timestamp. A price that the oracle stopped updating is therefore treated as current, with two failure modes:
Overestimated Prices: If the price is stale and higher than the actual market value, users can borrow more assets than their collateral is worth, leading to protocol bad debts.
Underestimated Prices: If the price is stale and lower than the actual market value, users' health factors may fall below the liquidation threshold, causing unfair liquidations.
Add a stale price check to ensure that lastUpdateTimestamp is within an acceptable time window, and revert when it is not, so that neither borrowing nor liquidation can proceed on an outdated valuation.
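The following is an added illustration, not code from the audited protocol: it shows the unchecked pattern described in the finding next to a hardened version of getNFTPrice(). The oracle interface (INFTOracle, getLatestPrice), the MAX_PRICE_AGE value and the MockNFTOracle are assumptions made for the example; the real contract's oracle and naming may differ.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Hypothetical oracle interface assumed for this example. The real oracle
/// may expose a different signature; the point is that it returns a timestamp.
interface INFTOracle {
    /// Returns the latest price for `nft` and the timestamp at which it was set.
    function getLatestPrice(address nft)
        external
        view
        returns (uint256 price, uint256 lastUpdateTimestamp);
}

contract LendingPoolPricing {
    error InvalidPrice(address nft);
    error StalePrice(address nft, uint256 lastUpdateTimestamp, uint256 maxAge);

    INFTOracle public immutable oracle;

    /// Assumed heartbeat tolerance. Must be set from the oracle's actual
    /// update frequency; too large re-opens the stale-price window,
    /// too small causes spurious reverts during normal operation.
    uint256 public constant MAX_PRICE_AGE = 1 hours;

    constructor(INFTOracle _oracle) {
        oracle = _oracle;
    }

    /// Vulnerable form, mirroring the behaviour described in the finding:
    /// the timestamp is read and discarded, so a price that stopped
    /// updating hours or days ago is still used to value collateral.
    function getNFTPriceUnchecked(address nft) public view returns (uint256) {
        (uint256 price, ) = oracle.getLatestPrice(nft);
        return price;
    }

    /// Hardened form: reject a zero price, a timestamp from the future, and
    /// any price older than MAX_PRICE_AGE. Callers (borrow, liquidate,
    /// health-factor checks) revert instead of acting on stale data.
    function getNFTPrice(address nft) public view returns (uint256) {
        (uint256 price, uint256 lastUpdateTimestamp) = oracle.getLatestPrice(nft);

        if (price == 0) revert InvalidPrice(nft);
        // A timestamp ahead of the chain would underflow the subtraction below
        // (reverting without a useful error), so reject it explicitly.
        if (lastUpdateTimestamp > block.timestamp) revert InvalidPrice(nft);
        if (block.timestamp - lastUpdateTimestamp > MAX_PRICE_AGE) {
            revert StalePrice(nft, lastUpdateTimestamp, MAX_PRICE_AGE);
        }
        return price;
    }
}

/// Constructed mock for exercising the two paths locally (Remix/Foundry).
/// Set a price, advance block time past MAX_PRICE_AGE, then observe that
/// getNFTPriceUnchecked() still returns the old value while getNFTPrice()
/// reverts with StalePrice.
contract MockNFTOracle is INFTOracle {
    mapping(address => uint256) private prices;
    mapping(address => uint256) private timestamps;

    function setPrice(address nft, uint256 price) external {
        prices[nft] = price;
        timestamps[nft] = block.timestamp;
    }

    function getLatestPrice(address nft)
        external
        view
        override
        returns (uint256 price, uint256 lastUpdateTimestamp)
    {
        return (prices[nft], timestamps[nft]);
    }
}
```

Reverting on a stale price also blocks liquidations that depend on the same feed, so protocols typically pair this check with a governance-settable tolerance or a secondary price source rather than a hard constant; the constant above is only to keep the example self-contained.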