Missing staleness check in price validation will cause financial losses for the protocol, as malicious actors can exploit outdated NFT prices in collateral calculations.
In LendingPool.sol, the getNFTPrice() function does not check how old the oracle's price data is, so an outdated price is accepted and used for collateral calculations exactly as if it were current.
The NFT price oracle returns price data whose last update is old enough that it differs significantly from the current market value.
The attacker waits for NFT market prices to drop significantly while the oracle's reported price has not yet been updated.
The attacker borrows (or avoids liquidation) while the protocol values the collateral using the stale, higher oracle price.
The protocol accepts the overvalued collateral because getNFTPrice() never compares the price timestamp against the current block time.
The protocol risks significant financial losses by accepting overvalued collateral based on stale prices. Positions become undercollateralized as soon as real NFT prices have decreased, and the shortfall is borne by the protocol and its lenders.
Add price staleness validation in getNFTPrice(): read the timestamp of the last oracle update alongside the price and revert (or fall back to a safe value) when the price is older than a configured maximum age.
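The following is an added illustration of the recommended fix, not code from the audited LendingPool.sol. The oracle interface (INFTPriceOracle with a getPrice() returning a price and an updatedAt timestamp), the maxPriceAge parameter, the custom errors and the mock oracle are all assumptions for this example; the real protocol's oracle API is not shown in the finding.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Assumed oracle interface for this example (not the protocol's real one):
/// the oracle reports both the price and when it was last updated.
interface INFTPriceOracle {
    /// @return price      NFT floor price in the protocol's base unit
    /// @return updatedAt  block timestamp of the last price update
    function getPrice(address collection) external view returns (uint256 price, uint256 updatedAt);
}

/// Constructed mock oracle so the contract below can be exercised in a test.
contract MockNFTPriceOracle is INFTPriceOracle {
    struct Entry { uint256 price; uint256 updatedAt; }
    mapping(address => Entry) private entries;

    function setPrice(address collection, uint256 price, uint256 updatedAt) external {
        entries[collection] = Entry(price, updatedAt);
    }

    function getPrice(address collection) external view returns (uint256, uint256) {
        Entry memory e = entries[collection];
        return (e.price, e.updatedAt);
    }
}

/// Minimal pool showing the vulnerable read beside the hardened one.
contract LendingPoolStalenessExample {
    INFTPriceOracle public immutable oracle;
    /// Maximum accepted age of a price, in seconds (assumed parameter).
    uint256 public immutable maxPriceAge;

    error InvalidPrice(address collection);
    error FuturePrice(address collection, uint256 updatedAt);
    error StalePrice(address collection, uint256 updatedAt, uint256 maxAge);

    constructor(INFTPriceOracle _oracle, uint256 _maxPriceAge) {
        oracle = _oracle;
        maxPriceAge = _maxPriceAge;
    }

    /// Vulnerable pattern described in the finding: the update timestamp is
    /// discarded, so a price from days ago is treated as current.
    function getNFTPriceUnchecked(address collection) public view returns (uint256) {
        (uint256 price, ) = oracle.getPrice(collection);
        return price;
    }

    /// Hardened version: reject zero, future-dated and stale prices.
    function getNFTPrice(address collection) public view returns (uint256) {
        (uint256 price, uint256 updatedAt) = oracle.getPrice(collection);
        if (price == 0) revert InvalidPrice(collection);
        // A timestamp ahead of the chain points to a misconfigured oracle;
        // checking it first also prevents the subtraction below from underflowing.
        if (updatedAt > block.timestamp) revert FuturePrice(collection, updatedAt);
        if (block.timestamp - updatedAt > maxPriceAge) {
            revert StalePrice(collection, updatedAt, maxPriceAge);
        }
        return price;
    }

    /// Collateral valuation now reverts instead of silently using a stale price.
    function collateralValue(address collection, uint256 tokenCount) external view returns (uint256) {
        return getNFTPrice(collection) * tokenCount;
    }
}
```

Pick maxPriceAge from the oracle's actual update cadence (its heartbeat plus some margin) rather than a round number; too small a value makes every valuation revert during normal operation, too large a value leaves the window the finding describes. Note that a reverting getNFTPrice() also blocks liquidations that depend on it, so the protocol should decide deliberately whether a stale price pauses the affected market or falls back to a conservative valuation.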