Core Contracts

Regnum Aurum Acquisition Corp
Hardhat, Real World Assets, NFT
77,280 USDC
Submission Details
Severity: medium
Valid

Missing price staleness check for NFTs

Summary

The LendingPool might use stale prices for NFTs.

Vulnerability Details

In LendingPool.sol, there's a function called getNFTPrice which fetches the price of an NFT from RAACHousePrices:

function getNFTPrice(uint256 tokenId) public view returns (uint256) {
    // The oracle returns both the price and when it was last updated...
    (uint256 price, uint256 lastUpdateTimestamp) = priceOracle.getLatestPrice(tokenId);
    if (price == 0) revert InvalidNFTPrice();
    // ...but lastUpdateTimestamp is never read again, so any non-zero price is accepted regardless of age.
    return price;
}

The problem is that although getLatestPrice returns lastUpdateTimestamp alongside the price, getNFTPrice discards it: it never compares the timestamp against block.timestamp and a defined maximum age (stale period), so a price the oracle has not refreshed for an arbitrarily long time is accepted as if it were current.

Impact

Since getNFTPrice is used in getUserCollateralValue and other functions to value a user's NFT collateral, an outdated price feeds directly into collateral valuations. If the asset's value has dropped since the last oracle update, positions are still valued at the old, higher price, so users can borrow or keep borrowing against collateral worth less than the protocol believes, and positions that should be liquidatable are not.

Tools Used

Manual Review

Recommendations

In getNFTPrice, compare lastUpdateTimestamp against block.timestamp and revert when the price is older than a defined stale period (chosen to match how often RAACHousePrices is expected to be updated), so that only fresh prices are used for collateral valuation.
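The following is an added illustration of that recommendation, not code from the RAAC repository. It assumes a minimal IRAACHousePrices interface exposing the getLatestPrice(tokenId) call shown in the finding, a hypothetical maxPriceAge configured at deployment, and a hypothetical StaleNFTPrice error; the mock oracle exists only so the check can be exercised in a Hardhat test.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

// Minimal interface matching the getLatestPrice(tokenId) call used by LendingPool (assumed shape).
interface IRAACHousePrices {
    function getLatestPrice(uint256 tokenId)
        external
        view
        returns (uint256 price, uint256 lastUpdateTimestamp);
}

// Hardened price consumer: the same getNFTPrice logic with a staleness check added.
contract NFTPriceConsumer {
    error InvalidNFTPrice();
    // Hypothetical error carrying the data a caller needs to diagnose a stale read.
    error StaleNFTPrice(uint256 tokenId, uint256 lastUpdateTimestamp, uint256 maxPriceAge);

    IRAACHousePrices public immutable priceOracle;
    // Hypothetical stale period; should match the oracle's expected update cadence.
    uint256 public immutable maxPriceAge;

    constructor(IRAACHousePrices _priceOracle, uint256 _maxPriceAge) {
        require(_maxPriceAge > 0, "maxPriceAge must be non-zero");
        priceOracle = _priceOracle;
        maxPriceAge = _maxPriceAge;
    }

    function getNFTPrice(uint256 tokenId) public view returns (uint256) {
        (uint256 price, uint256 lastUpdateTimestamp) = priceOracle.getLatestPrice(tokenId);
        if (price == 0) revert InvalidNFTPrice();

        // A timestamp in the future means the oracle is misconfigured; treat it as unusable
        // rather than letting the subtraction below underflow and revert with a generic panic.
        if (lastUpdateTimestamp > block.timestamp) {
            revert StaleNFTPrice(tokenId, lastUpdateTimestamp, maxPriceAge);
        }
        // Reject any price not refreshed within the stale period. A never-set timestamp (0)
        // fails this check as well, which is the desired behaviour.
        if (block.timestamp - lastUpdateTimestamp > maxPriceAge) {
            revert StaleNFTPrice(tokenId, lastUpdateTimestamp, maxPriceAge);
        }
        return price;
    }
}

// Test-only mock oracle (constructed for this example) so the check can be exercised locally.
contract MockHousePrices is IRAACHousePrices {
    struct Entry { uint256 price; uint256 lastUpdateTimestamp; }
    mapping(uint256 => Entry) private entries;

    function setPrice(uint256 tokenId, uint256 price, uint256 lastUpdateTimestamp) external {
        entries[tokenId] = Entry(price, lastUpdateTimestamp);
    }

    function getLatestPrice(uint256 tokenId) external view returns (uint256, uint256) {
        Entry memory e = entries[tokenId];
        return (e.price, e.lastUpdateTimestamp);
    }
}
```

In a Hardhat test, deploy MockHousePrices and NFTPriceConsumer with, for example, a one-hour maxPriceAge, set a price with lastUpdateTimestamp equal to the current block time and confirm getNFTPrice returns it, then advance the chain past the window (evm_increaseTime plus a mined block) and confirm the same call reverts with StaleNFTPrice. The stale period is a protocol parameter: set it too short and every collateral valuation reverts between oracle updates, set it too long and the check no longer prevents the outdated valuations described above.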

Updates

Lead Judging Commences

inallhonesty Lead Judge 5 months ago
Submission Judgement Published
Validated
Assigned finding tags:

LendingPool::getNFTPrice or getPrimeRate doesn't validate timestamp staleness despite claiming to, allowing users to exploit outdated collateral values during price drops