Core Contracts

Regnum Aurum Acquisition Corp
Hardhat · Real World Assets · NFT
77,280 USDC
Submission Details
Severity: low
Valid

Global `lastUpdateTimestamp` in Oracle Price Updates for Each NFT in the `setHousePrice` Function of `RAACHousePrices.sol` Contract

Summary

The RAACHousePrices contract keeps a single global `lastUpdateTimestamp` that is overwritten by every price update, so it cannot record when each individual NFT (asset) was last priced. Any staleness check built on that value is unreliable: the timestamp read for one NFT may in fact be the timestamp of a later update to a different NFT, so the system can wrongly conclude that a price is current.

Vulnerability Details

Core issue: `setHousePrice` in `RAACHousePrices.sol` writes a global `lastUpdateTimestamp` instead of an individual timestamp per NFT.

  • Affected Functionality: Price update and staleness checking mechanisms in the getNFTPrice, withdrawNFT, borrow, finalizeLiquidation functions.

  • Issue: Because one timestamp is shared by all NFT price updates, the price of NFT_A can be outdated while still passing a staleness check, provided NFT_B was updated after NFT_A. The system then treats NFT_A's price as recent when it is actually stale.

contracts/core/primitives/RAACHousePrices.sol:setHousePrice#L54

    /**
     * @notice Allows the owner to set the house price for a token
     * @param _tokenId The ID of the RAAC token
     * @param _amount The price to set for the house in USD
     *
     * Updates timestamp for each token individually
     */
    /// @notice Timestamp of the last price update
    uint256 public lastUpdateTimestamp;

    function setHousePrice(
        uint256 _tokenId,
        uint256 _amount
    ) external onlyOracle {
        tokenToHousePrice[_tokenId] = _amount;
        // @audit lack of lastUpdateTimestamp for each NFT
        lastUpdateTimestamp = block.timestamp;
        emit PriceUpdated(_tokenId, _amount);
    }
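As an added example (not RAAC's code and not part of this finding), the Solidity sketch below places the global-timestamp design next to a per-token variant and a consumer that enforces a staleness window. The contract names, the `IHousePrices` interface, `MAX_PRICE_AGE` and `LendingConsumer.freshPrice` are assumptions made for illustration. Against `GlobalTimestampHousePrices`, updating token B refreshes `lastUpdateTimestamp` for every token, so `freshPrice(A)` accepts A's old price; against `PerTokenHousePrices` the same call reverts with "stale price".

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added example, not the RAAC project's code. Contract names, IHousePrices,
// MAX_PRICE_AGE and LendingConsumer are assumptions for illustration.

/// Global-timestamp design: the pattern this finding describes.
contract GlobalTimestampHousePrices {
    address public immutable oracle;
    mapping(uint256 => uint256) public tokenToHousePrice;
    uint256 public lastUpdateTimestamp; // shared by every token

    event PriceUpdated(uint256 indexed tokenId, uint256 amount);

    constructor(address _oracle) {
        oracle = _oracle;
    }

    modifier onlyOracle() {
        require(msg.sender == oracle, "not oracle");
        _;
    }

    function setHousePrice(uint256 _tokenId, uint256 _amount) external onlyOracle {
        tokenToHousePrice[_tokenId] = _amount;
        // Any token's update overwrites the timestamp reported for all tokens.
        lastUpdateTimestamp = block.timestamp;
        emit PriceUpdated(_tokenId, _amount);
    }

    function getLatestPrice(uint256 _tokenId) external view returns (uint256, uint256) {
        return (tokenToHousePrice[_tokenId], lastUpdateTimestamp);
    }
}

/// Per-token design: each NFT carries its own update timestamp.
contract PerTokenHousePrices {
    struct HousePrice {
        uint256 price;
        uint256 lastUpdateTimestamp;
    }

    address public immutable oracle;
    mapping(uint256 => HousePrice) public tokenToHousePrice;

    event PriceUpdated(uint256 indexed tokenId, uint256 amount, uint256 updatedAt);

    constructor(address _oracle) {
        oracle = _oracle;
    }

    modifier onlyOracle() {
        require(msg.sender == oracle, "not oracle");
        _;
    }

    function setHousePrice(uint256 _tokenId, uint256 _amount) external onlyOracle {
        tokenToHousePrice[_tokenId] = HousePrice({
            price: _amount,
            lastUpdateTimestamp: block.timestamp
        });
        emit PriceUpdated(_tokenId, _amount, block.timestamp);
    }

    function getLatestPrice(uint256 _tokenId) external view returns (uint256, uint256) {
        HousePrice storage hp = tokenToHousePrice[_tokenId];
        return (hp.price, hp.lastUpdateTimestamp);
    }
}

/// Both oracles expose the same read interface so the consumer can use either.
interface IHousePrices {
    function getLatestPrice(uint256 tokenId) external view returns (uint256, uint256);
}

/// Consumer that refuses prices older than MAX_PRICE_AGE. Only the per-token
/// oracle makes this check meaningful for each tokenId on its own.
contract LendingConsumer {
    uint256 public constant MAX_PRICE_AGE = 1 hours;
    IHousePrices public immutable prices;

    constructor(IHousePrices _prices) {
        prices = _prices;
    }

    function freshPrice(uint256 tokenId) public view returns (uint256) {
        (uint256 price, uint256 updatedAt) = prices.getLatestPrice(tokenId);
        require(price != 0, "no price");
        // Reverts when the price was never set or is older than the window.
        require(updatedAt != 0 && block.timestamp - updatedAt <= MAX_PRICE_AGE, "stale price");
        return price;
    }
}
```

Deploy either oracle and point a `LendingConsumer` at it; set a price for token 1, advance the chain past one hour, set a price for token 2, then call `freshPrice(1)`. The global variant returns token 1's hour-old price, the per-token variant reverts, which is the behaviour a borrowing or liquidation path should see.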

Impact

  • Inaccurate Staleness Checks: The price staleness check will be inaccurate, potentially causing the system to rely on outdated prices.

  • Wrong Borrowing/Liquidation Decisions: Since price freshness directly impacts critical operations like borrowing and liquidation, this flaw could lead to incorrect decisions based on stale prices.

  • Exploitation Risk: Attackers could exploit this vulnerability by triggering price updates for assets with recent updates, masking outdated prices for other assets.

Tools Used

Manual code review

Recommendations

To resolve this issue and accurately track the update timestamp of each individual asset, the following approach is recommended:

  1. Track individual update timestamps: Modify the contract to store separate update timestamps for each token (NFT).

  2. Update the staleness check: Ensure that the getLatestPrice(), getNFTPrice() or similar functions use the individual timestamp for each asset rather than a global one.

+ struct HousePrice {
+ uint256 price;
+ uint256 lastUpdateTimestamp;
+ }
- mapping(uint256 => uint256) public tokenToHousePrice;
+ mapping(uint256 => HousePrice) public tokenToHousePrice;
function setHousePrice(uint256 _tokenId, uint256 _amount) external onlyOracle {
- tokenToHousePrice[_tokenId] = _amount;
- lastUpdateTimestamp = block.timestamp;
+ tokenToHousePrice[_tokenId] = HousePrice({
+ price: _amount,
+ lastupdateTimestamp: block.timestamp
+ });
emit PriceUpdated(_tokenId, _amount, block.timestamp);
}
function getLatestPrice(uint256 _tokenId) public view returns (uint256, uint256) {
- return (tokenToHousePrice[_tokenId], lastUpdateTimestamp);
+ HousePrice memory housePrice = tokenToHousePrice[_tokenId];
+ return housePrice.price, housePrice.lastUpdateTimestamp;
}
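Review bot: the struct literal in setHousePrice uses `lastupdateTimestamp: block.timestamp`, but the HousePrice field is declared `lastUpdateTimestamp`, so this does not compile; the return in getLatestPrice also needs parentheses around the tuple: `return (housePrice.price, housePrice.lastUpdateTimestamp);`. Two follow-ups the hunk implies but does not show: `emit PriceUpdated(_tokenId, _amount, block.timestamp)` passes a third argument, so the event declaration must gain an `updatedAt` parameter, and because the mapping value type changes from uint256 to HousePrice, every reader of `tokenToHousePrice[_tokenId]` (the getNFTPrice, withdrawNFT, borrow and finalizeLiquidation paths named above) must be updated to read `.price` and compare `.lastUpdateTimestamp` against its staleness window, otherwise the global-timestamp problem only moves. The now-unused global `lastUpdateTimestamp` should be deleted so no caller can keep relying on it.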
Updates

Lead Judging Commences

inallhonesty Lead Judge 7 months ago
Submission Judgement Published
Validated
Assigned finding tags:

RAACHousePrices uses a single global lastUpdateTimestamp for all NFTs instead of per-token tracking, causing misleading price freshness data