Submission Details
Severity:
The stale nft price can be used for calculating collateral value.
Summary
The stale nft price can be used for calculating collateral value.
Vulnerability Details
LendingPool.sol#getNFTPrice() function is as follows.
function getNFTPrice(uint256 tokenId) public view returns (uint256) {
(uint256 price, uint256 lastUpdateTimestamp) = priceOracle.getLatestPrice(tokenId);
if (price == 0) revert InvalidNFTPrice();
return price;
}
As we can see above, there is no stale check for oracle price. So dirty price can be used for calculating collateral vaue.
Impact
This wrong price will cause protocol's loss when real price is decreased.
Tools Used
Manual review
Recommendations
Add stale check to LendingPool.sol#getNFTPrice().
Updates
Lead Judging Commences
inallhonesty 7 months ago
Submission Judgement Published Assigned finding tags:
LendingPool::getNFTPrice or getPrimeRate doesn't validate timestamp staleness despite claiming to, allowing users to exploit outdated collateral values during price drops
inallhonesty 7 months ago
Submission Judgement Published Assigned finding tags:
LendingPool::getNFTPrice or getPrimeRate doesn't validate timestamp staleness despite claiming to, allowing users to exploit outdated collateral values during price drops
Prize pool breakdown
Total prize
77,280 USDC
nSLOC
3,86420
USDC / LOC
74,000
3,280
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.