Core Contracts

Description

Within the Docs of the RAAC Protocol it is highlighted that the goal is to make the NFTs minted within the protocol easily compatible for sale on third party platforms, however crucial additions to the ERC721 standard are lacking to achieve this goal.

Vulnerability Details

According to the description from the RAAC contest page, these NFTs are supposed to be integrated not only within the RAAC ecosystem itself, but users are encouraged to sell NFTs on platforms like OpenSea. For an integration as such it is crucial for the NFT to carry the necessary information, especially connected to Real World Assets as real estate.
Making it hard for users to estimate a fair price of any given RAAAC NFT will possibly cause trust issues and discourage platforms to integrate with RAAC NFT, therefore it would be critical to extend the ERC-721 standard towards ERC-7496 while updating crucial values within like last updated timestamp and price.

Impact

Sellers and Buyers on third party platforms could be over- or underpaying to acquire RAAC NFTs, since real estate price is time sensitive and potentially influenced by natural disasters. The last time any given NFT price was updated is just as crucial of information as the price itself and both should therefore be easily accessible for users of third party platforms, to prevent trust issues and give all interested parties a seamless experience.

While users within the protocol would not directly lose money, but this issue only affects third party trading, I would rate the total severity as a medium, with a High likelihood but a low to medium impact.

Tools Used

Manual Review

Recommended Mitigation

Consider implementing/extending the ERC-7496 standard to encourage third party trading of RAAC NFTs with a fair evaluation and avoid compatibility issues on third party services.