`LendingPool::getNFTPrice()` can use outdated and stale price
Summary
LendingPool::getNFTPrice() can use outdated and stale price
Vulnerability Details
LendingPool::getNFTPrice() has the following code:
This calls the following function:
Firstly, the getNFTPrice() has a comment above the function which mentions that it checks the price is not stale. However, the only check is that the price is not 0 which does not, at all, guarantee that the price is fresh. Secondly, we are using cached values in the contract which can be very old, this will result in potentially using stale prices. This can also be abused by frontrunning the price update if the price will decrease, by taking use of the currently higher prices.
Impact
Prices can be stale as no check disallows it
Tools Used
Manual Review
Recommendations
Implement a staleness check
Lead Judging Commences
LendingPool::getNFTPrice or getPrimeRate doesn't validate timestamp staleness despite claiming to, allowing users to exploit outdated collateral values during price drops
LendingPool::getNFTPrice or getPrimeRate doesn't validate timestamp staleness despite claiming to, allowing users to exploit outdated collateral values during price drops
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.