Submission Details
Severity:
Insufficient Price Zero Handling - LendingPool.sol
Summary
getNFTPrice reverts on zero prices but ignores staleness, allowing oracle attacks.
Vulnerability Details
priceOracle.getLatestPrice may return price = 0, which is treated as invalid, but no check exists for stale prices. An attacker could set price = 0 to block NFT operations.
Impact
NFT-related functions (deposit, borrow, repay) are disabled, causing a denial-of-service.
Tools Used
Manual Code Audit: Review
getNFTPricefor comprehensive validation.
Recommendations
Allow zero prices but validate staleness.
function getNFTPrice(uint256 tokenId) public view returns (uint256) {
(uint256 price, uint256 lastUpdate) = priceOracle.getPrice(tokenId);
require(lastUpdate > block.timestamp - 1 hours, "Price too old");
return price;
}
Updates
Lead Judging Commences
inallhonesty 4 months ago
Submission Judgement Published Assigned finding tags:
LendingPool::getNFTPrice or getPrimeRate doesn't validate timestamp staleness despite claiming to, allowing users to exploit outdated collateral values during price drops
inallhonesty 4 months ago
Submission Judgement Published Assigned finding tags:
LendingPool::getNFTPrice or getPrimeRate doesn't validate timestamp staleness despite claiming to, allowing users to exploit outdated collateral values during price drops
Prize pool breakdown
Total prize
77,280 USDC
nSLOC
3,86420 USDC / LOC
74,000
3,280
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.