Core Contracts

Summary

The getNFTPrice function in the LendingPool contract retrieves the NFT price from the price oracle but fails to verify if the retrieved price data is up-to-date. Without a staleness check on the lastUpdateTimestamp, the contract may utilize outdated price information, leading to inaccurate collateral valuation and potential protocol risks.

Vulnerability Details

Within the getNFTPrice function, the NFT price is obtained as follows:

While the function reverts if the price is zero, it does not validate whether the lastUpdateTimestamp is recent. This lack of a staleness check means that outdated price data could be used in collateral calculations, which may result in incorrect assessments of a user’s collateral value. Even though prices are updated by oracle in RAACHousePrices.sol::setHousePrice, the oracle may be down for uncertain time, during this situation lastUpdateTimestampbecomes the last updated time which may be hours,days,weeks ago.

Impact

• Inaccurate Collateral Valuation: Outdated NFT price data can lead to improper collateral evaluations, increasing the risk of wrongful liquidations or enabling over-borrowing.

• Market Manipulation Risk: Attackers could exploit stale price data to manipulate collateral valuations, impacting the health factors of users and the overall stability of the protocol.

Tools Used

Manual audit

Recommendations

• Implement a Staleness Check: Add logic to verify that the lastUpdateTimestamp is within an acceptable time window before using the price data.

• Define a Staleness Threshold: Establish an appropriate threshold (e.g., a few minutes or hours) that determines when the price data should be considered stale.

• Secure Fallback: If the price data is determined to be stale, revert the transaction with a specific error message (e.g., PriceDataStale) to prevent further processing.