Core Contracts

Regnum Aurum Acquisition Corp
Hardhat, Real World Assets, NFT
77,280 USDC
Submission Details
Severity: medium
Valid

Missing Price Staleness Check in getNFTPrice Allows Use of Outdated Valuations

Link to Affected Code:

https://github.com/Cyfrin/2025-02-raac/blob/89ccb062e2b175374d40d824263a4c0b601bcb7f/contracts/core/pools/LendingPool/LendingPool.sol#L591-L595

function getNFTPrice(uint256 tokenId) public view returns (uint256) {
    (uint256 price, uint256 lastUpdateTimestamp) = priceOracle.getLatestPrice(tokenId);
    if (price == 0) revert InvalidNFTPrice();
    // @audit lastUpdateTimestamp is fetched but never compared against block.timestamp: no staleness check
    return price;
}

Description:
The getNFTPrice() function retrieves both the price and its last-update timestamp from the oracle but never validates that timestamp: lastUpdateTimestamp is assigned and then discarded. Although the function's comment states "Checks if the price is stale", no such validation exists, so an outdated NFT valuation can flow unchecked into collateral accounting, borrowing and liquidation logic.

Impact:

  • Collateral is valued at a stale price: after a market drop, a borrower can keep borrowing against a valuation the oracle has not yet lowered.

  • Liquidation checks use the same stale value, so positions that are underwater at the current price are not flagged, or healthy positions are flagged after a price rise the oracle has not yet recorded.

  • Borrowing power therefore tracks oracle latency rather than the asset, and a user can time borrows and repayments around missed or delayed updates.

Recommended Mitigation:
Add staleness validation, for example:

error StalePriceOracle();

uint256 public constant PRICE_FRESHNESS_THRESHOLD = 1 days;

function getNFTPrice(uint256 tokenId) public view returns (uint256) {
    (uint256 price, uint256 lastUpdateTimestamp) = priceOracle.getLatestPrice(tokenId);
    if (price == 0) revert InvalidNFTPrice();
    // Reject prices older than the freshness window. The subtraction also reverts on
    // underflow if the oracle ever reports a timestamp in the future, which is the safe outcome.
    if (block.timestamp - lastUpdateTimestamp > PRICE_FRESHNESS_THRESHOLD) revert StalePriceOracle();
    return price;
}

The 1 day threshold is illustrative; derive it from the oracle's actual update cadence. Note that with this check every caller of getNFTPrice() reverts while the feed is stale, liquidations included, so the oracle update path must be reliable enough that a silent feed cannot be used to hold off liquidations.
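As an added example (not the project's code and not part of the original submission), the following Foundry test puts a hypothetical mock oracle in front of both the unchecked getter and the hardened one, then uses vm.warp to let the feed go stale. It shows the vulnerable variant still returning a three-day-old valuation while the hardened variant reverts with StalePriceOracle and resumes as soon as the oracle posts a fresh (here, lower) price. Every contract and function name other than getNFTPrice, getLatestPrice, InvalidNFTPrice, StalePriceOracle and PRICE_FRESHNESS_THRESHOLD is an assumption made for this example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {Test} from "forge-std/Test.sol";

// Hypothetical oracle interface mirroring the (price, lastUpdateTimestamp) tuple
// returned by priceOracle.getLatestPrice in the finding. Not RAAC's own contract.
interface IPriceOracle {
    function getLatestPrice(uint256 tokenId) external view returns (uint256, uint256);
}

// Constructed mock: stamps each update with the block timestamp at the time of the call.
contract MockOracle is IPriceOracle {
    mapping(uint256 => uint256) public price;
    mapping(uint256 => uint256) public updatedAt;

    function set(uint256 tokenId, uint256 p) external {
        price[tokenId] = p;
        updatedAt[tokenId] = block.timestamp;
    }

    function getLatestPrice(uint256 tokenId) external view returns (uint256, uint256) {
        return (price[tokenId], updatedAt[tokenId]);
    }
}

// Stand-in for the LendingPool getter: the unchecked variant reproduces the reported
// behaviour, the checked variant is the recommended mitigation.
contract PriceConsumer {
    error InvalidNFTPrice();
    error StalePriceOracle();

    uint256 public constant PRICE_FRESHNESS_THRESHOLD = 1 days;
    IPriceOracle public immutable priceOracle;

    constructor(IPriceOracle oracle) {
        priceOracle = oracle;
    }

    // Vulnerable: the timestamp is fetched and ignored.
    function getNFTPriceUnchecked(uint256 tokenId) public view returns (uint256) {
        (uint256 p, ) = priceOracle.getLatestPrice(tokenId);
        if (p == 0) revert InvalidNFTPrice();
        return p;
    }

    // Hardened: prices older than the freshness window are rejected.
    function getNFTPrice(uint256 tokenId) public view returns (uint256) {
        (uint256 p, uint256 lastUpdateTimestamp) = priceOracle.getLatestPrice(tokenId);
        if (p == 0) revert InvalidNFTPrice();
        if (block.timestamp - lastUpdateTimestamp > PRICE_FRESHNESS_THRESHOLD) revert StalePriceOracle();
        return p;
    }
}

contract StalenessTest is Test {
    MockOracle oracle;
    PriceConsumer consumer;
    uint256 constant TOKEN = 1;

    function setUp() public {
        oracle = new MockOracle();
        consumer = new PriceConsumer(oracle);
        vm.warp(1_000_000);        // deterministic starting time
        oracle.set(TOKEN, 100e18); // valuation at the time of the last oracle update
    }

    // The market may have moved since, but the unchecked getter keeps serving the old price.
    function test_UncheckedReturnsStaleValuation() public {
        vm.warp(block.timestamp + 3 days); // oracle silent for three days
        assertEq(consumer.getNFTPriceUnchecked(TOKEN), 100e18);
    }

    // The hardened getter refuses to value collateral on a three-day-old quote.
    function test_CheckedRevertsOnStale() public {
        vm.warp(block.timestamp + 3 days);
        vm.expectRevert(PriceConsumer.StalePriceOracle.selector);
        consumer.getNFTPrice(TOKEN);
    }

    // Within the window the price is accepted, and a refreshed lower price is picked up immediately.
    function test_CheckedAcceptsFresh() public {
        vm.warp(block.timestamp + 12 hours);
        assertEq(consumer.getNFTPrice(TOKEN), 100e18);
        oracle.set(TOKEN, 60e18); // oracle finally records the price drop
        assertEq(consumer.getNFTPrice(TOKEN), 60e18);
    }
}
```

Run with `forge test --match-contract StalenessTest`. The mock stamps updates with block.timestamp so that vm.warp alone controls staleness; a real integration would pass the production oracle's address to PriceConsumer and set PRICE_FRESHNESS_THRESHOLD from that oracle's heartbeat.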
Updates

Lead Judging Commences

inallhonesty Lead Judge 6 months ago
Submission Judgement Published
Validated
Assigned finding tags:

LendingPool::getNFTPrice or getPrimeRate doesn't validate timestamp staleness despite claiming to, allowing users to exploit outdated collateral values during price drops

