Core Contracts

Regnum Aurum Acquisition Corp
Hardhat, Real World Assets, NFT
77,280 USDC
Submission Details
Severity: medium
Valid

No oracle price staleness checks for RAAC NFTs

Summary

The NFT oracle returns the latest price, but no staleness check is applied to it, even though the protocol's own documentation states that one is.

Vulnerability Details

When RAAC NFTs are deposited as collateral inside the LendingPool, their valuation is pulled from the oracle using getNFTPrice():

```solidity
/**
 * @notice Gets the current price of an NFT from the oracle
 * @param tokenId The token ID of the NFT
 * @return The price of the NFT
 *
 * Checks if the price is stale
 */
function getNFTPrice(uint256 tokenId) public view returns (uint256) {
    // lastUpdateTimestamp is fetched but never compared against block.timestamp
    (uint256 price, uint256 lastUpdateTimestamp) = priceOracle.getLatestPrice(tokenId);
    if (price == 0) revert InvalidNFTPrice();
    return price;
}
```

Although both the price and the last update timestamp are fetched, and the natspec states that a staleness check is performed, no such check exists. Collateral valuation on borrows and liquidations is therefore based on a RAAC NFT price that may be outdated.

Impact

Use of potentially outdated collateral NFT valuations during borrowing and liquidations.

Tools Used

Manual Review

Recommendations

Apply price staleness checks to getNFTPrice().
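A hardened version of the function, as an added illustration rather than code from the RAAC repository. The oracle interface name, the `MAX_PRICE_AGE` value and the error names are assumptions; the only fact taken from the finding is that `getLatestPrice(tokenId)` returns `(price, lastUpdateTimestamp)`.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

/// Hypothetical interface matching the call seen in the finding.
interface INFTPriceOracle {
    function getLatestPrice(uint256 tokenId)
        external
        view
        returns (uint256 price, uint256 lastUpdateTimestamp);
}

contract NFTPriceConsumer {
    INFTPriceOracle public immutable priceOracle;

    /// Maximum accepted age of a price, in seconds (assumed value; the real
    /// threshold should follow the oracle's update cadence).
    uint256 public constant MAX_PRICE_AGE = 1 days;

    error InvalidNFTPrice();
    error InvalidOracleTimestamp(uint256 tokenId, uint256 lastUpdateTimestamp);
    error StaleNFTPrice(uint256 tokenId, uint256 lastUpdateTimestamp, uint256 maxAge);

    constructor(address oracle) {
        priceOracle = INFTPriceOracle(oracle);
    }

    /// @notice Returns the oracle price, rejecting zero, future-dated and stale values.
    function getNFTPrice(uint256 tokenId) public view returns (uint256) {
        (uint256 price, uint256 lastUpdateTimestamp) = priceOracle.getLatestPrice(tokenId);
        if (price == 0) revert InvalidNFTPrice();

        // A timestamp ahead of the current block indicates a misconfigured
        // or compromised oracle; treat it as invalid rather than fresh.
        if (lastUpdateTimestamp > block.timestamp) {
            revert InvalidOracleTimestamp(tokenId, lastUpdateTimestamp);
        }

        // Reject prices older than the accepted window so borrows and
        // liquidations cannot be valued against an outdated quote.
        if (block.timestamp - lastUpdateTimestamp > MAX_PRICE_AGE) {
            revert StaleNFTPrice(tokenId, lastUpdateTimestamp, MAX_PRICE_AGE);
        }
        return price;
    }
}
```

Callers in borrow and liquidation paths then revert instead of proceeding on a stale valuation, which is the safer failure mode until the oracle is refreshed.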

Updates

Lead Judging Commences

inallhonesty Lead Judge 7 months ago
Submission Judgement Published
Validated
Assigned finding tags:

LendingPool::getNFTPrice or getPrimeRate doesn't validate timestamp staleness despite claiming to, allowing users to exploit outdated collateral values during price drops