RAACPrimeRateOracle.sol::_processResponse and RAACHousePriceOracle.sol::_processResponse do not validate the returned oracle response before updating the prime rate and the house prices. If the off-chain API mistakenly returns 0, the contracts store that invalid value and forward it to the lending pool and the house price registry, potentially disrupting lending calculations and house pricing.
Affected code: RAACPrimeRateOracle.sol::_processResponse and RAACHousePriceOracle.sol::_processResponse.
The _processResponse function in RAACPrimeRateOracle.sol decodes the response, updates lastPrimeRate and calls lendingPool.setPrimeRate(lastPrimeRate) without checking whether the decoded rate is 0.
Similarly, the _processResponse function in RAACHousePriceOracle.sol updates the stored house price and calls housePrices.setHousePrice(lastHouseId, price) without checking whether the price is 0.
Root Cause:
The contracts blindly trust the oracle response and apply it without validating its correctness. If the off-chain API fails or returns an invalid value (0), the contracts store it and propagate it to the dependent contracts in the same transaction, so the bad data is not contained to the oracle itself.
Medium impact:
Setting a prime rate of 0 leads to incorrect lending calculations, affecting interest rate determination in the lending pool.
Setting a house price of 0 invalidates the pricing mechanism, affecting protocol logic that relies on accurate property valuations.
Funds are not directly at risk, but the issue disrupts the normal operation of the lending and pricing systems until a valid response overwrites the zero value.
Tools used: Manual review.
Validate the returned value before updating state: add a require statement in RAACPrimeRateOracle.sol::_processResponse that rejects a zero rate, and apply the same check to the price in RAACHousePriceOracle.sol::_processResponse, so that neither lastPrimeRate/lendingPool.setPrimeRate nor housePrices.setHousePrice is ever updated with 0.
Consider a fallback mechanism: if an invalid value is detected, keep the last known valid value instead of updating to 0 and skip the downstream call.
Implement event-based monitoring: emit an event whenever a response is rejected so that unexpected oracle responses (and a failing API) are visible off-chain rather than silently dropped.
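Both recommendations in one place, as an added Solidity example that is not code from the RAAC repository: a strict variant that reverts on a zero response, and a fallback variant that keeps the last valid value and emits an event for monitoring. The interfaces ILendingPool and IRAACHousePrices, the state variable names and the 32-byte ABI-encoded uint256 payload are assumptions taken from the calls the finding names; the oracle client's request/fulfillment plumbing is omitted so that only the _processResponse logic is shown.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

// Added example for this finding, not code from the RAAC repository.
// ILendingPool / IRAACHousePrices are assumed from the calls the finding
// names; the request/fulfillment plumbing of the oracle client is omitted.

interface ILendingPool {
    function setPrimeRate(uint256 newPrimeRate) external;
}

interface IRAACHousePrices {
    function setHousePrice(uint256 houseId, uint256 price) external;
}

/// @dev Shared validation: a missing, malformed or zero payload is reported
///      as invalid instead of being stored and forwarded.
abstract contract ValidatedOracleResponse {
    /// Emitted whenever a response is rejected, so off-chain monitoring can
    /// alert on a failing API; keptValue is the value that stays in force.
    event InvalidOracleResponse(bytes response, uint256 keptValue);

    function _decodeNonZero(bytes memory response)
        internal
        pure
        returns (bool ok, uint256 value)
    {
        // abi.decode reverts on a short payload; check the length first so
        // the caller decides how to handle a broken response.
        if (response.length != 32) return (false, 0);
        value = abi.decode(response, (uint256));
        ok = value != 0;
    }
}

contract HardenedPrimeRateOracle is ValidatedOracleResponse {
    ILendingPool public immutable lendingPool;
    uint256 public lastPrimeRate;
    uint256 public lastUpdateTimestamp;

    event PrimeRateUpdated(uint256 rate);

    constructor(address _lendingPool) {
        lendingPool = ILendingPool(_lendingPool);
    }

    // Strict variant (first recommendation): revert on 0. Nothing is stored
    // and the lending pool is never called with an invalid rate.
    function _processResponseStrict(bytes memory response) internal {
        uint256 rate = abi.decode(response, (uint256));
        require(rate > 0, "Oracle: zero prime rate");
        _apply(rate);
    }

    // Fallback variant (second and third recommendations): keep the last
    // valid rate, record the bad response, and skip the downstream call.
    function _processResponse(bytes memory response) internal {
        (bool ok, uint256 rate) = _decodeNonZero(response);
        if (!ok) {
            emit InvalidOracleResponse(response, lastPrimeRate);
            return;
        }
        _apply(rate);
    }

    function _apply(uint256 rate) private {
        lastPrimeRate = rate;
        lastUpdateTimestamp = block.timestamp;
        lendingPool.setPrimeRate(rate);
        emit PrimeRateUpdated(rate);
    }
}

contract HardenedHousePriceOracle is ValidatedOracleResponse {
    IRAACHousePrices public immutable housePrices;
    uint256 public lastHouseId;    // assumed to be set when the request is sent
    uint256 public lastHousePrice; // last value that passed validation

    event HousePriceUpdated(uint256 houseId, uint256 price);

    constructor(address _housePrices) {
        housePrices = IRAACHousePrices(_housePrices);
    }

    // Same fallback pattern for the house price: a zero (or malformed)
    // response never reaches housePrices.setHousePrice.
    function _processResponse(bytes memory response) internal {
        (bool ok, uint256 price) = _decodeNonZero(response);
        if (!ok) {
            emit InvalidOracleResponse(response, lastHousePrice);
            return;
        }
        lastHousePrice = price;
        housePrices.setHousePrice(lastHouseId, price);
        emit HousePriceUpdated(lastHouseId, price);
    }
}
```

The strict require also preserves the last value, but it does so by reverting the whole fulfillment, which leaves no on-chain trace beyond a failed callback and makes a persistently failing API easy to miss. The fallback path returns normally and emits InvalidOracleResponse, so a monitoring job can alert on the event while the protocol keeps operating on the last known valid rate or price. Zero is only the most obvious invalid value; the same _decodeNonZero hook is the natural place to add staleness or per-update deviation bounds if the protocol wants them.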