Core Contracts

Regnum Aurum Acquisition Corp
Hardhat, Real World Assets, NFT
77,280 USDC
Submission Details
Severity: medium
Valid

`getNFTPrice()` may return STALE prices

Summary

The function getNFTPrice() in the LendingPool contract may return a stale price, because no validation is performed on the lastUpdateTimestamp returned by the oracle.

Vulnerability Details

The function getNFTPrice() queries the price oracle to fetch the latest price of the NFT.

getNFTPrice()

    function getNFTPrice(uint256 tokenId) public view returns (uint256) {
        // The oracle returns the price together with the time it was last updated.
        (uint256 price, uint256 lastUpdateTimestamp) = priceOracle.getLatestPrice(tokenId);
        if (price == 0) revert InvalidNFTPrice();
        // lastUpdateTimestamp is never checked, so an arbitrarily old price is returned.
        return price;
    }

Notice the second return value, lastUpdateTimestamp. The function never checks how long ago the price was updated, so any value the oracle still holds is accepted, however old.

The oracle can therefore hand back a price that no longer reflects the market. That stale price is then consumed by other functions, for example withdrawNFT() and the collateral valuation, which leads to wrong accounting.

Impact

NFT collateral is valued at a stale price. If the market price has dropped since the oracle's last update, the protocol over-values the collateral and a borrower can keep, or withdraw, a position that is no longer fully backed; if the price has risen, healthy positions are undervalued. Either way the pool's accounting of collateral value is wrong.

Tools Used

Manual

Recommendations

Use the lastUpdateTimestamp that the oracle already returns: revert when block.timestamp - lastUpdateTimestamp exceeds a configured maximum age matched to the oracle's update cadence, and also reject a timestamp that lies in the future. Note that reverting on a stale price blocks every function that reads it, liquidations included, so the maximum age and any recovery path (an updated oracle or a pause) should be chosen with that in mind.
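
One way to implement this check, as an added example that is not part of the submission or the project's code. The IPriceOracle interface is assumed from the call shape shown in the finding (getLatestPrice(tokenId) returning price and lastUpdateTimestamp); the maxPriceAge bound, the StaleNFTPrice and InvalidTimestamp errors, the contract names and the mock oracle are all hypothetical and exist only to make the snippet compile and testable on its own:

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Assumed oracle interface, shaped after the call in the finding.
interface IPriceOracle {
    function getLatestPrice(uint256 tokenId)
        external
        view
        returns (uint256 price, uint256 lastUpdateTimestamp);
}

// Hypothetical excerpt of a hardened LendingPool price getter.
contract LendingPoolPriceCheck {
    error InvalidNFTPrice();
    error InvalidTimestamp(uint256 tokenId, uint256 lastUpdateTimestamp);
    error StaleNFTPrice(uint256 tokenId, uint256 lastUpdateTimestamp, uint256 maxAge);

    IPriceOracle public immutable priceOracle;
    // Hypothetical bound; tune it to how often the oracle is actually updated.
    uint256 public immutable maxPriceAge;

    constructor(IPriceOracle oracle, uint256 maxPriceAge_) {
        require(maxPriceAge_ > 0, "maxPriceAge must be > 0");
        priceOracle = oracle;
        maxPriceAge = maxPriceAge_;
    }

    function getNFTPrice(uint256 tokenId) public view returns (uint256) {
        (uint256 price, uint256 lastUpdateTimestamp) = priceOracle.getLatestPrice(tokenId);
        if (price == 0) revert InvalidNFTPrice();
        // A timestamp in the future indicates a broken or malicious oracle feed.
        if (lastUpdateTimestamp > block.timestamp) {
            revert InvalidTimestamp(tokenId, lastUpdateTimestamp);
        }
        // Reject prices older than the accepted window instead of silently using them.
        if (block.timestamp - lastUpdateTimestamp > maxPriceAge) {
            revert StaleNFTPrice(tokenId, lastUpdateTimestamp, maxPriceAge);
        }
        return price;
    }
}

// Constructed mock oracle for exercising the check locally (not the project's oracle).
contract MockPriceOracle is IPriceOracle {
    mapping(uint256 => uint256) private _price;
    mapping(uint256 => uint256) private _updatedAt;

    function setPrice(uint256 tokenId, uint256 price, uint256 updatedAt) external {
        _price[tokenId] = price;
        _updatedAt[tokenId] = updatedAt;
    }

    function getLatestPrice(uint256 tokenId) external view returns (uint256, uint256) {
        return (_price[tokenId], _updatedAt[tokenId]);
    }
}
```

In a Hardhat test, deploy MockPriceOracle and LendingPoolPriceCheck with, say, maxPriceAge = 1 hours, call setPrice(tokenId, 1 ether, block.timestamp) and confirm getNFTPrice returns 1 ether; then setPrice with updatedAt = block.timestamp - 2 hours and expect the call to revert with StaleNFTPrice, and with updatedAt = block.timestamp + 1 and expect InvalidTimestamp. The hard revert is deliberate: a stale price is treated as no price at all rather than as a plausible value, which is what stops the outdated collateral valuation described above.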

Updates

Lead Judging Commences

inallhonesty Lead Judge 4 months ago
Submission Judgement Published
Validated
Assigned finding tags:

LendingPool::getNFTPrice or getPrimeRate doesn't validate timestamp staleness despite claiming to, allowing users to exploit outdated collateral values during price drops
