Core Contracts

Regnum Aurum Acquisition Corp
Hardhat, Real World Assets, NFT
77,280 USDC
Submission Details
Severity: medium
Valid

Staleness is not checked when calling the function getNFTPrice

Summary

The function getNFTPrice claims to check the Chainlink price for staleness but never actually performs the check.

Vulnerability Details

Observe the following code:

```solidity
/**
 * @notice Gets the current price of an NFT from the oracle
 * @param tokenId The token ID of the NFT
 * @return The price of the NFT
 *
 * Checks if the price is stale
 */
function getNFTPrice(uint256 tokenId) public view returns (uint256) {
    // lastUpdateTimestamp is fetched but never used below
    (uint256 price, uint256 lastUpdateTimestamp) = priceOracle.getLatestPrice(tokenId);
    if (price == 0) revert InvalidNFTPrice();
    return price;
}
```

The function getNFTPrice is supposed to use Chainlink price feeds to fetch the latest price of the real estate NFT. It fetches both the price and the timestamp; the latter is meant to be used to check whether the price is stale, as the comment above states. However, the function only fetches the values; it never uses the timestamp to check for staleness.

Impact

Stale prices can cause solvent users to be unfairly liquidated and insolvent users to appear solvent.

Tools Used

Manual Review

Recommendations

Add a check for stale prices: compare the returned lastUpdateTimestamp against block.timestamp and revert when the price is older than an acceptable age.
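One way to implement the recommended check, as an added example that is not the project's own code: the consumer contract name, the IPriceOracle interface shape, the MAX_PRICE_AGE bound and the StalePrice error are assumptions chosen here, not identifiers from the audited code base.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Assumed oracle interface, matching the call shape used in the finding.
interface IPriceOracle {
    function getLatestPrice(uint256 tokenId)
        external
        view
        returns (uint256 price, uint256 lastUpdateTimestamp);
}

// Hypothetical consumer contract showing getNFTPrice with the staleness check added.
contract NFTPriceConsumer {
    IPriceOracle public immutable priceOracle;

    // Hypothetical maximum accepted price age; tune it to the feed's heartbeat.
    uint256 public constant MAX_PRICE_AGE = 1 hours;

    error InvalidNFTPrice();
    // Hypothetical error carrying the data a liquidator or operator needs to diagnose the revert.
    error StalePrice(uint256 lastUpdateTimestamp, uint256 maxAge);

    constructor(IPriceOracle oracle) {
        priceOracle = oracle;
    }

    function getNFTPrice(uint256 tokenId) public view returns (uint256) {
        (uint256 price, uint256 lastUpdateTimestamp) = priceOracle.getLatestPrice(tokenId);
        if (price == 0) revert InvalidNFTPrice();

        // A timestamp in the future indicates a misconfigured or misbehaving feed;
        // checking it first also keeps the subtraction below from underflowing.
        if (lastUpdateTimestamp > block.timestamp) {
            revert StalePrice(lastUpdateTimestamp, MAX_PRICE_AGE);
        }
        // Reject any price older than the accepted age instead of silently using it.
        if (block.timestamp - lastUpdateTimestamp > MAX_PRICE_AGE) {
            revert StalePrice(lastUpdateTimestamp, MAX_PRICE_AGE);
        }
        return price;
    }
}
```

Reverting on a stale price also halts liquidations that depend on getNFTPrice, so the protocol should decide how it degrades while the feed is down (for example pausing borrows rather than blocking all operations).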

Updates

Lead Judging Commences

inallhonesty Lead Judge 7 months ago
Submission Judgement Published
Validated
Assigned finding tags:

LendingPool::getNFTPrice or getPrimeRate doesn't validate timestamp staleness despite claiming to, allowing users to exploit outdated collateral values during price drops
