In LendingPool.sol, users can exploit the timing of oracle updates to deposit an NFT before a price update and immediately borrow against an inflated value.
The vulnerability arises from the timing of oracle updates. A user can deposit an NFT just before the oracle updates its price, allowing them to borrow against an artificially high value. This can lead to over-collateralization and potential losses for the lending pool.
The impact of this vulnerability is significant. It can lead to users borrowing more than they should be allowed to, based on the true value of their collateral. This can result in financial losses for the lending pool and its participants.
Manual Review
To mitigate this vulnerability, consider implementing a delay between the time an NFT is deposited and when it can be used as collateral. This delay will allow the oracle to update the NFT's price, ensuring that the collateral value is accurate.
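A sketch of the recommended delay, added here as an example and not taken from the audited code base. The oracle interface, the contract and function names, and the one-hour delay are all assumptions; the check that the price postdates the deposit goes one step beyond the delay described above.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

// Hypothetical oracle interface for this example (not the audited project's API).
interface IPriceOracle {
    function getLatestPrice(uint256 tokenId)
        external view returns (uint256 price, uint256 lastUpdated);
}

// Illustrative sketch: all names and the 1-hour value are assumptions.
abstract contract CollateralDelayGuard {
    uint256 public constant COLLATERAL_DELAY = 1 hours; // assumed value

    IPriceOracle public immutable oracle;
    mapping(uint256 => uint256) public depositedAt; // tokenId => deposit timestamp

    error CollateralNotMatured(uint256 tokenId, uint256 usableAt);
    error PriceOlderThanDeposit(uint256 tokenId, uint256 lastUpdated);

    constructor(IPriceOracle oracle_) {
        oracle = oracle_;
    }

    // Call from the deposit path once the NFT has been transferred in.
    function _recordDeposit(uint256 tokenId) internal {
        depositedAt[tokenId] = block.timestamp;
    }

    // Call from the withdraw path so a re-deposit restarts the delay.
    function _clearDeposit(uint256 tokenId) internal {
        delete depositedAt[tokenId];
    }

    // Call from the borrow path for each NFT counted as collateral.
    function _usableCollateralValue(uint256 tokenId) internal view returns (uint256) {
        uint256 since = depositedAt[tokenId];
        if (since == 0) return 0; // not deposited: contributes no value
        uint256 usableAt = since + COLLATERAL_DELAY;
        if (block.timestamp < usableAt) revert CollateralNotMatured(tokenId, usableAt);

        (uint256 price, uint256 lastUpdated) = oracle.getLatestPrice(tokenId);
        // Extra check beyond the delay: the price must postdate the deposit.
        if (lastUpdated <= since) revert PriceOlderThanDeposit(tokenId, lastUpdated);
        return price;
    }
}
```

Clearing the timestamp on withdrawal matters: without it, a token that was deposited long ago, withdrawn, and re-deposited would skip the delay.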