Core Contracts

Regnum Aurum Acquisition Corp
Hardhat, Real World Assets, NFT
77,280 USDC
Submission Details
Severity: medium
Valid

NFT Price Oracle Data Staleness Not Verified

Summary

The getNFTPrice function in the LendingPool contract retrieves NFT prices from the oracle but fails to validate the staleness of the price data. This could lead to liquidations or borrowing using outdated price information.

Vulnerability Details

The function retrieves both price and timestamp but only checks if the price is non-zero:

```solidity
function getNFTPrice(uint256 tokenId) public view returns (uint256) {
    (uint256 price, uint256 lastUpdateTimestamp) = priceOracle.getLatestPrice(tokenId);
    if (price == 0) revert InvalidNFTPrice();
    return price; // lastUpdateTimestamp is never checked!
}
```

This price is used in critical operations (collateral valuation for borrowing and liquidation), but the age of the data is never checked, so a reading that the oracle has not refreshed for an arbitrarily long time is treated as current.

Impact

Using stale prices could lead to:

  1. Under-collateralized positions being created

  2. Delayed or missed liquidations

  3. Unfair liquidations based on outdated prices

Tools Used

Manual Review

Recommendations

Validate price staleness in getNFTPrice: compare the returned lastUpdateTimestamp against block.timestamp and revert when the price is older than the maximum age the protocol accepts, rather than only checking that the price is non-zero.
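The following is an added example, not code from the Regnum Aurum repository, showing the unchecked function from the finding next to a hardened version that enforces a maximum price age. The oracle interface, the `maxPriceAge` parameter, the `StaleNFTPrice` error and the `MockPriceOracle` contract are assumptions made for the example; only `getLatestPrice`, `InvalidNFTPrice` and the `(price, lastUpdateTimestamp)` tuple come from the finding.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Assumed oracle interface; it mirrors the call shape shown in the finding.
interface IPriceOracle {
    function getLatestPrice(uint256 tokenId)
        external
        view
        returns (uint256 price, uint256 lastUpdateTimestamp);
}

contract LendingPoolStalenessExample {
    error InvalidNFTPrice();
    // Assumed error: reports how old the reading was and what the pool tolerates.
    error StaleNFTPrice(uint256 lastUpdateTimestamp, uint256 maxPriceAge);

    IPriceOracle public immutable priceOracle;
    // Assumed parameter: longest accepted age of an oracle reading, in seconds.
    uint256 public immutable maxPriceAge;

    constructor(IPriceOracle _priceOracle, uint256 _maxPriceAge) {
        priceOracle = _priceOracle;
        maxPriceAge = _maxPriceAge;
    }

    // Unchecked version, equivalent to the function quoted in the finding:
    // the timestamp is fetched but ignored, so any non-zero price is accepted.
    function getNFTPriceUnchecked(uint256 tokenId) public view returns (uint256) {
        (uint256 price, ) = priceOracle.getLatestPrice(tokenId);
        if (price == 0) revert InvalidNFTPrice();
        return price;
    }

    // Hardened version: rejects zero prices, readings dated in the future
    // (a misbehaving oracle), and readings older than maxPriceAge.
    function getNFTPrice(uint256 tokenId) public view returns (uint256) {
        (uint256 price, uint256 lastUpdateTimestamp) =
            priceOracle.getLatestPrice(tokenId);
        if (price == 0) revert InvalidNFTPrice();
        if (lastUpdateTimestamp > block.timestamp) {
            revert StaleNFTPrice(lastUpdateTimestamp, maxPriceAge);
        }
        if (block.timestamp - lastUpdateTimestamp > maxPriceAge) {
            revert StaleNFTPrice(lastUpdateTimestamp, maxPriceAge);
        }
        return price;
    }
}

// Assumed test double for a Hardhat unit test: the deployer sets a price and a
// timestamp, then advances the chain past maxPriceAge and expects getNFTPrice
// to revert with StaleNFTPrice while getNFTPriceUnchecked still returns the value.
contract MockPriceOracle is IPriceOracle {
    mapping(uint256 => uint256) private prices;
    mapping(uint256 => uint256) private updatedAt;

    function setPrice(uint256 tokenId, uint256 price, uint256 timestamp) external {
        prices[tokenId] = price;
        updatedAt[tokenId] = timestamp;
    }

    function getLatestPrice(uint256 tokenId)
        external
        view
        override
        returns (uint256 price, uint256 lastUpdateTimestamp)
    {
        return (prices[tokenId], updatedAt[tokenId]);
    }
}
```

The design trade-off worth noting: once staleness is enforced, an oracle outage longer than `maxPriceAge` makes every borrow and liquidation that touches the affected token revert, so the threshold should be set from the oracle's actual update cadence, and the protocol needs a defined path (pause, fallback source, or governance refresh) for the period in which prices cannot be proven fresh.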

Updates

Lead Judging Commences

inallhonesty Lead Judge 7 months ago
Submission Judgement Published
Validated
Assigned finding tags:

LendingPool::getNFTPrice or getPrimeRate doesn't validate timestamp staleness despite claiming to, allowing users to exploit outdated collateral values during price drops
