Core Contracts

Regnum Aurum Acquisition Corp
Hardhat, Real World Assets, NFT
77,280 USDC
Submission Details
Severity: medium
Invalid

LendingPool::getNFTPrice() reverts when price is 0

Summary

getNFTPrice() in the Lending Pool retrieves the last updated price from the oracle. Although 0 USD is a legitimate price for real estate if its value plummets due to circumstances, the code still causes a revert in such cases.

Vulnerability Details

This issue results in a Denial of Service (DoS) and causes NFTs to become stuck in the lending pool.

    function getNFTPrice(uint256 tokenId) public view returns (uint256) {
        (uint256 price, uint256 lastUpdateTimestamp) = priceOracle.getLatestPrice(tokenId);
        if (price == 0) revert InvalidNFTPrice(); //@audit if the price plummeted to 0, this function will revert
        return price;
    }

Let's consider the following scenario:

  1. Alice tokenizes 10 real estate properties, all worth 3 million USD.

  2. She deposits all of her NFTs into the lending pool.

  3. Since she is well collateralized, Alice decides to borrow 100,000 USD.

  4. The price of one of her properties drops to 0.

  5. Alice is unable to withdraw her other NFTs, causing them to become stuck. She also cannot be liquidated.

  6. This is a ~2.9 million USD loss for Alice.

Impact

Users will lose funds due to their NFTs becoming inaccessible.

Tools Used

  • Manual review

Recommendations

  • Treat 0 USD as a valid output.
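
Added example, not part of the submission or the project's code: a minimal Solidity sketch of how the zero-price revert propagates through a per-user collateral sum, next to a variant that accepts a reported 0 but still rejects a token the oracle never priced. MockOracle, PoolSketch, deposit, collateralValue, getNFTPriceAllowZero and PriceNeverSet are hypothetical names; the sketch assumes the oracle records a non-zero timestamp on every price write and that the pool sums prices over all of a user's deposited tokens.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

// Added illustration, not project code. MockOracle and PoolSketch are hypothetical.
contract MockOracle {
    struct Entry { uint256 price; uint256 updatedAt; }
    mapping(uint256 => Entry) internal entries;

    function setPrice(uint256 tokenId, uint256 price) external {
        entries[tokenId] = Entry(price, block.timestamp);
    }

    function getLatestPrice(uint256 tokenId) external view returns (uint256, uint256) {
        return (entries[tokenId].price, entries[tokenId].updatedAt);
    }
}

contract PoolSketch {
    error InvalidNFTPrice();
    error PriceNeverSet();

    MockOracle public immutable priceOracle;
    mapping(address => uint256[]) internal deposited; // assumed per-user collateral list

    constructor(MockOracle oracle) { priceOracle = oracle; }

    // Stand-in for depositing an NFT as collateral (no token transfer here).
    function deposit(uint256 tokenId) external { deposited[msg.sender].push(tokenId); }

    // Check from the submission: a reported price of 0 reverts.
    function getNFTPrice(uint256 tokenId) public view returns (uint256) {
        (uint256 price, ) = priceOracle.getLatestPrice(tokenId);
        if (price == 0) revert InvalidNFTPrice();
        return price;
    }

    // Variant: revert only when the oracle has never written a price.
    function getNFTPriceAllowZero(uint256 tokenId) public view returns (uint256) {
        (uint256 price, uint256 updatedAt) = priceOracle.getLatestPrice(tokenId);
        if (updatedAt == 0) revert PriceNeverSet();
        return price;
    }

    // Assumed aggregation: with strict=true one zero-priced token reverts the whole sum.
    function collateralValue(address user, bool strict) external view returns (uint256 total) {
        uint256[] storage ids = deposited[user];
        for (uint256 i = 0; i < ids.length; i++) {
            total += strict ? getNFTPrice(ids[i]) : getNFTPriceAllowZero(ids[i]);
        }
    }
}
```

With ten deposited tokens and one set to 0 through setPrice, collateralValue(user, true) reverts with InvalidNFTPrice, while collateralValue(user, false) returns the sum of the other nine.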

Updates

Lead Judging Commences

inallhonesty Lead Judge 7 months ago
Submission Judgement Published
Invalidated
Reason: Design choice

Appeal created

stanchev Submitter
7 months ago
inallhonesty Lead Judge
6 months ago
inallhonesty Lead Judge 6 months ago
Submission Judgement Published
Invalidated
Reason: Design choice
