Submission Details
Severity:
Inability to Track Per-Token Update Timestamps in `RAACHousePrices::lastUpdateTimestamp`
Summary
The variable RAACHousePrices::lastUpdateTimestamp is globally updated instead of being mapped to individual tokens, making it impossible to track the update timestamp for each token.
Vulnerability Details
function setHousePrice(
uint256 _tokenId,
uint256 _amount
) external onlyOracle {
tokenToHousePrice[_tokenId] = _amount;
lastUpdateTimestamp = block.timestamp; <==@found
emit PriceUpdated(_tokenId, _amount);
}
Impact
Unable to track the update timestamp for each token
Tools Used
Manual Review
Recommendations
Replace the global lastUpdateTimestamp with a per-token mapping:
mapping(uint256 tokenId => uint256 lastUpdateTimestamp) public tokenToLastUpdateTimestamp;
Updates
Lead Judging Commences
inallhonesty 7 months ago
Submission Judgement Published Assigned finding tags:
RAACHousePrices uses a single global lastUpdateTimestamp for all NFTs instead of per-token tracking, causing misleading price freshness data
inallhonesty 7 months ago
Submission Judgement Published Assigned finding tags:
RAACHousePrices uses a single global lastUpdateTimestamp for all NFTs instead of per-token tracking, causing misleading price freshness data
Prize pool breakdown
Total prize
77,280 USDC
nSLOC
3,86420
USDC / LOC
74,000
3,280
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.