Fail to update token's timestamp for each token individually
Summary
Fail to update token's timestamp for each token individually
Vulnerability Details
In RAACHousePrices, we will update the RWA asset's price. According to the comment in the function setHousePrice, we wish to update the RWA assets' price timestamp individually. The reason that we need token's timestamp individually, we can make use of the individual token's timestamp to check whether the RWA's price is stale or not. This is important to make sure that we should not use one stale price to trade in RAAC.
The problem is that we fail to update the RWA assets' price timestamp individually. This will cause that we cannot check the stale price correctly with this global lastUpdateTimestamp.
Impact
Fail to implement updating timestamp for each token individually. This will cause that we cannot check each RWA asset's price is stale or not.
Tools Used
Manual
Recommendations
Use one mapping variable to store different NFT's price timestamp.
Lead Judging Commences
RAACHousePrices uses a single global lastUpdateTimestamp for all NFTs instead of per-token tracking, causing misleading price freshness data
RAACHousePrices uses a single global lastUpdateTimestamp for all NFTs instead of per-token tracking, causing misleading price freshness data
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.