A user can DoS getNFTPrice and avoid liquidation by destroying the property so that value reported is 0
Summary
The function getNFTPrice() can be DoS by destroying the house in real life so that the value return by Oracle is 0. This can happen intentionally or by natural disaster
A DoS of getNFTPrice() will protect the user from liquidation, as it's called in initiateLiquidation()->calculateHealthFactor()->getUserCollateralValue(). It will cause a revert of initiateLiquidation
Vulnerability Details
The function getNFTPrice() will revert if the oracle returns 0. There are some cases when it's possible and it will prevent the user from entering into liquidation, incurring bad debt into the protocol.
UserA deposit NFTs of houseA, houseB, houseC
UserA borrows amounts against NFTs
HouseA is either destroyed intentionally (the user discovers issues with houses that will make the price drop a lot) or a natural disaster happens and totally destroys the house.
UserA cannot enter liquidation state as
initiateLiquidation()will revert because oracle return 0 ongetNFTPrice()
Impact
Users cannot be liquidated, incurring bad debt to the protocol. If the user has only one NFT it does not change much as the value is 0, but if the user has multiple NFTs on the protocol, it's impossible to get them back to mitigate the bad debt. NFTs would be stuck forever in the LendingPool, incurring loss for the protocol.
Tools Used
Manual
Recommendations
Change how strange values are handled by the Oracle. Inthe case of a natural disaster, there is a high probability that manual intervention would be required.
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.