Core Contracts

Regnum Aurum Acquisition Corp
Hardhat, Real World Assets, NFT
77,280 USDC
Submission Details
Severity: high
Invalid

RAACHousePriceOracle::_processResponse could process response but can't set prices due to misconfiguration

Summary

The RAACHousePriceOracle uses oracles to fetch house pricing data from an off-chain API and allows an oracle to update prices. This off-chain mechanism is unlikely to work, however, because the oracle isn't set, which does not let the owner set the house prices.

Vulnerability Details

RAACHousePrices is initialized as:

housePrices = RAACHousePrices(housePricesAddress);

However, setting the house price is guarded by the onlyOracle modifier, and the oracle it checks has to be set with setOracle. So by default it's address(0). The function _processResponse is used to process the response and set the house price based on off-chain mechanisms.

function _processResponse(bytes memory response) internal override {
    uint256 price = abi.decode(response, (uint256));
@>  housePrices.setHousePrice(lastHouseId, price);
    emit HousePriceUpdated(lastHouseId, price);
}

So this calls the underlying function RAACHousePrices::setHousePrice, which updates the state and stores it on chain. However, it has a modifier check in place, onlyOracle, which checks whether msg.sender is the oracle variable initialized in the contract. This could be set by the setOracle function:

function setHousePrice(
    uint256 _tokenId,
    uint256 _amount
) external onlyOracle {
    tokenToHousePrice[_tokenId] = _amount;
    lastUpdateTimestamp = block.timestamp;
    emit PriceUpdated(_tokenId, _amount);
}

So _processResponse is likely to fail and will never be able to set the price that was fetched from the off-chain component.
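
A minimal model of the wiring described above, added here as an illustration; it is not the RAAC source. The contract names, the owner-gated setOracle, the external processResponse wrapper and the sample price are assumptions made for the example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;
// Constructed minimal models of the two contracts; not the RAAC source.
contract HousePricesModel {
    address public owner = msg.sender;
    address public oracle; // never assigned at deployment => address(0)
    mapping(uint256 => uint256) public tokenToHousePrice;
    modifier onlyOracle() {
        require(msg.sender == oracle, "caller is not oracle");
        _;
    }

    // Assumption: owner-gated setter. The report does not show the real one.
    function setOracle(address _oracle) external {
        require(msg.sender == owner, "caller is not owner");
        oracle = _oracle;
    }

    function setHousePrice(uint256 _tokenId, uint256 _amount) external onlyOracle {
        tokenToHousePrice[_tokenId] = _amount;
    }
}

contract PriceOracleModel {
    HousePricesModel public housePrices;
    uint256 public lastHouseId = 1;
    constructor(address housePricesAddress) {
        housePrices = HousePricesModel(housePricesAddress);
    }

    // Stands in for _processResponse; external so the harness can call it.
    function processResponse(bytes memory response) external {
        uint256 price = abi.decode(response, (uint256));
        housePrices.setHousePrice(lastHouseId, price);
    }
}

contract WiringCheck {
    function run() external returns (bool revertedUnwired, uint256 priceWired) {
        HousePricesModel hp = new HousePricesModel(); // this contract is owner
        PriceOracleModel po = new PriceOracleModel(address(hp));
        bytes memory resp = abi.encode(uint256(500_000)); // constructed sample
        try po.processResponse(resp) {} catch { revertedUnwired = true; }
        hp.setOracle(address(po)); // wire the oracle contract as the price setter
        po.processResponse(resp);
        priceWired = hp.tokenToHousePrice(1);
    }
}
```

Calling run() exercises both states: the first processResponse call reverts inside onlyOracle while oracle is still address(0), and the second succeeds once the owner has pointed setOracle at the oracle contract.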

Impact

Unable to process request and set house prices as intended after getting the response.

Tools Used

Manual review

Recommendations

Add the following line to the constructor of RAACHousePriceOracle:

+ housePrices.setOracle(adress(this))
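
Review bot: adress(this) in the added line is misspelled and the statement has no terminating semicolon, so it will not compile as written; it should read housePrices.setOracle(address(this));. The report also does not show the access control on setOracle: if that function is restricted to the owner of RAACHousePrices, a call made from the RAACHousePriceOracle constructor has the oracle contract as msg.sender and would revert, so confirm who may call setOracle before moving the wiring into the constructor, or keep it as an explicit deployment step.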
Updates

Lead Judging Commences

inallhonesty Lead Judge 4 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
