Regnum Aurum Acquisition Corp (Core Contracts)
Hardhat · Real World Assets · NFT
77,280 USDC
Submission Details
Severity: medium
Valid

Stale Oracle Data in LendingPool: Risk of Bad Loans & Liquidations

Summary:
The getNFTPrice function retrieves NFT prices from an oracle but never validates how fresh the data is. It discards the lastUpdateTimestamp returned by priceOracle.getLatestPrice(tokenId), so a price that has not been updated for an arbitrarily long time is still used for collateral valuation.


Impact

  • Undercollateralized Loans: Stale prices may overvalue NFTs, enabling borrowers to take excessive loans.

  • Unfair Liquidations: Outdated prices could trigger incorrect liquidations during market volatility.

  • Protocol Insolvency Risk: Systemic mispricing threatens the entire lending pool’s collateralization ratio.


Tools Used

  • Manual code review


Recommendations

Reject stale oracle data before the price is used for collateral valuation:

    function getNFTPrice(uint256 tokenId) public view returns (uint256) {
        // Read both the price and the time it was last updated.
        (uint256 price, uint256 lastUpdateTimestamp) = priceOracle.getLatestPrice(tokenId);
        // Reject prices older than the oracle's configured maximum age.
        require(
            block.timestamp - lastUpdateTimestamp <= priceOracle.maxPriceAge(),
            "Stale price data"
        );
        // A zero price is still treated as invalid, as before.
        if (price == 0) revert InvalidNFTPrice();
        return price;
    }
  • Implement a maxPriceAge check in the oracle contract.

  • Add circuit breakers to pause borrowing/lending if oracle data is stale.
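To make the failure mode from the summary and the two recommendations above concrete, here is an added Solidity sketch written for this page; it is illustrative code, not the audited Regnum Aurum contracts. It contains a mock oracle exposing getLatestPrice and maxPriceAge, the unchecked getNFTPrice pattern the finding describes, a hardened version that enforces freshness, and a staleness circuit breaker that blocks borrowing while the oracle is stale. All contract names, the MockNFTOracle setters, the StalePrice and OracleStaleBorrowingPaused errors and the maxBorrowAgainst entry point are assumptions made for this example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration, not the audited project's code. Every name below is an
// assumption made for this example; only getLatestPrice, maxPriceAge,
// getNFTPrice and InvalidNFTPrice appear in the finding itself.

interface IPriceOracle {
    /// @return price latest price for tokenId (0 if unknown)
    /// @return lastUpdateTimestamp block.timestamp at which the price was last set
    function getLatestPrice(uint256 tokenId)
        external view returns (uint256 price, uint256 lastUpdateTimestamp);
    /// @return maximum age in seconds after which a price is considered stale
    function maxPriceAge() external view returns (uint256);
}

/// Constructed mock oracle so the example is self-contained (not a real oracle).
contract MockNFTOracle is IPriceOracle {
    uint256 private _maxPriceAge;
    mapping(uint256 => uint256) private _price;
    mapping(uint256 => uint256) private _updatedAt;

    constructor(uint256 maxAgeSeconds) { _maxPriceAge = maxAgeSeconds; }

    /// Records the price together with the block timestamp of the update.
    function setPrice(uint256 tokenId, uint256 price) external {
        _price[tokenId] = price;
        _updatedAt[tokenId] = block.timestamp;
    }

    function getLatestPrice(uint256 tokenId)
        external view override returns (uint256, uint256)
    {
        return (_price[tokenId], _updatedAt[tokenId]);
    }

    function maxPriceAge() external view override returns (uint256) {
        return _maxPriceAge;
    }
}

error InvalidNFTPrice();
error StalePrice(uint256 tokenId, uint256 age, uint256 maxAge);
error OracleStaleBorrowingPaused();

contract StalenessGuardedPool {
    IPriceOracle public immutable priceOracle;

    constructor(IPriceOracle oracle) { priceOracle = oracle; }

    /// Vulnerable pattern from the finding: the timestamp is fetched but ignored,
    /// so a price last set long ago is accepted as current collateral value.
    function getNFTPriceUnchecked(uint256 tokenId) public view returns (uint256) {
        (uint256 price, ) = priceOracle.getLatestPrice(tokenId);
        if (price == 0) revert InvalidNFTPrice();
        return price;
    }

    /// Hardened version: reject prices older than the oracle's maxPriceAge.
    /// A timestamp in the future is rejected explicitly instead of relying on
    /// the checked-arithmetic panic that the subtraction would otherwise raise.
    function getNFTPrice(uint256 tokenId) public view returns (uint256) {
        (uint256 price, uint256 lastUpdateTimestamp) = priceOracle.getLatestPrice(tokenId);
        if (lastUpdateTimestamp > block.timestamp) revert InvalidNFTPrice();
        uint256 age = block.timestamp - lastUpdateTimestamp;
        uint256 maxAge = priceOracle.maxPriceAge();
        if (age > maxAge) revert StalePrice(tokenId, age, maxAge);
        if (price == 0) revert InvalidNFTPrice();
        return price;
    }

    /// Circuit breaker predicate: true when tokenId's price must not be used.
    function isPriceStale(uint256 tokenId) public view returns (bool) {
        (, uint256 lastUpdateTimestamp) = priceOracle.getLatestPrice(tokenId);
        if (lastUpdateTimestamp > block.timestamp) return true;
        return block.timestamp - lastUpdateTimestamp > priceOracle.maxPriceAge();
    }

    /// Pauses any guarded action while the oracle data for tokenId is stale.
    modifier whenPriceFresh(uint256 tokenId) {
        if (isPriceStale(tokenId)) revert OracleStaleBorrowingPaused();
        _;
    }

    /// Illustrative borrowing entry point: the borrowable amount is derived
    /// from the fresh price and a loan-to-value ratio in basis points.
    function maxBorrowAgainst(uint256 tokenId, uint256 ltvBps)
        external view whenPriceFresh(tokenId) returns (uint256)
    {
        return getNFTPrice(tokenId) * ltvBps / 10_000;
    }
}
```

In a Hardhat test the difference between the two getters can be shown by calling setPrice, advancing the chain clock past maxPriceAge with the evm_increaseTime RPC method, and observing that getNFTPriceUnchecked still returns the old price while getNFTPrice reverts with StalePrice and maxBorrowAgainst reverts with OracleStaleBorrowingPaused. Keeping maxPriceAge on the oracle side, as the first recommendation suggests, lets a single parameter govern every consumer of that feed.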

Updates

Lead Judging Commences

inallhonesty Lead Judge 7 months ago
Submission Judgement Published
Validated
Assigned finding tags:

LendingPool::getNFTPrice or getPrimeRate doesn't validate timestamp staleness despite claiming to, allowing users to exploit outdated collateral values during price drops
