Core Contracts

Regnum Aurum Acquisition Corp
Hardhat, Real World Assets, NFT
77,280 USDC
Submission Details
Severity: medium
Valid

Missing staleness check on the house price in RAACNFT::mint()

Summary

RAACNFT::mint() does not check whether the house price is stale.

Vulnerability Details

In RAACNFT::mint(), users transfer funds to buy an RWA NFT at that NFT's price.

The problem is that the price comes from raac_hp.tokenToHousePrice(_tokenId), and nothing checks whether this price is stale. If the price is stale and lower than the actual price, users may buy this RWA at a lower price than expected.

    function mint(uint256 _tokenId, uint256 _amount) public override {
        // Price is read with no check on when it was last updated.
        uint256 price = raac_hp.tokenToHousePrice(_tokenId);
        if(price == 0) { revert RAACNFT__HousePrice(); }
        if(price > _amount) { revert RAACNFT__InsufficientFundsMint(); }
        token.safeTransferFrom(msg.sender, address(this), _amount);
    }

Impact

The house price may be stale. Users may buy the house at a lower price.

Tools Used

Manual

Recommendations

Use the getLatestPrice interface to get the latest price and the last update timestamp. Check the last update timestamp and make sure the house price is not stale.
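One way the recommended check could look, as an added example that is not the project's own code. The getLatestPrice signature, the MAX_PRICE_AGE bound and the RAACNFT__StalePrice error are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

import {IERC20} from "@openzeppelin/contracts/token/ERC20/IERC20.sol";
import {SafeERC20} from "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";

// Assumed shape of the price source: the report only says getLatestPrice
// yields the latest price and the last update timestamp.
interface IHousePrices {
    function getLatestPrice(uint256 tokenId)
        external view returns (uint256 price, uint256 lastUpdateTimestamp);
}

contract MintWithFreshnessCheck {
    using SafeERC20 for IERC20;

    // Hypothetical bound; derive it from how often the price is expected to be updated.
    uint256 public constant MAX_PRICE_AGE = 1 days;

    IERC20 public immutable token;
    IHousePrices public immutable raac_hp;

    error RAACNFT__HousePrice();
    error RAACNFT__InsufficientFundsMint();
    error RAACNFT__StalePrice(uint256 lastUpdate, uint256 maxAge); // hypothetical error

    constructor(IERC20 _token, IHousePrices _raac_hp) {
        token = _token;
        raac_hp = _raac_hp;
    }

    function mint(uint256 _tokenId, uint256 _amount) public {
        (uint256 price, uint256 lastUpdate) = raac_hp.getLatestPrice(_tokenId);
        if (price == 0) { revert RAACNFT__HousePrice(); }
        // A timestamp of 0 (never set) or in the future is rejected rather than
        // treated as fresh; short-circuiting keeps the subtraction from underflowing.
        if (lastUpdate == 0 || lastUpdate > block.timestamp
            || block.timestamp - lastUpdate > MAX_PRICE_AGE) {
            revert RAACNFT__StalePrice(lastUpdate, MAX_PRICE_AGE);
        }
        if (price > _amount) { revert RAACNFT__InsufficientFundsMint(); }
        token.safeTransferFrom(msg.sender, address(this), _amount);
        // Steps after the transfer are not shown in the excerpt above and are omitted here.
    }
}
```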

Updates

Lead Judging Commences

inallhonesty Lead Judge 3 months ago
Submission Judgement Published
Validated
Assigned finding tags:

LendingPool::getNFTPrice or getPrimeRate doesn't validate timestamp staleness despite claiming to, allowing users to exploit outdated collateral values during price drops
