Missing stale price check in LendingPool.sol::getNFTPrice() can lead to incorrect health factor calculations
Summary
The getNFTPrice() function in LendingPool.sol does not validate whether the retrieved price is stale. This function is crucial in determining a user's collateral value, directly affecting borrowing limits and liquidation calculations. Without a staleness check, outdated prices could lead to incorrect health factor assessments and failed liquidation triggers.
Vulnerability Details
The function retrieves the NFT price using Chainlink price feeds:
However, there is no validation ensuring that lastUpdateTimestamp is recent. If the oracle fails to update prices due to network issues or downtime, the function may return outdated values. This can result in incorrect calculations when assessing user health factors.
Impact
Unintended Liquidation: Users may be liquidated if their asset price increases but the oracle fails to update in time.
Failed Liquidations: Users may not be liquidated even when required, as the outdated price prevents the liquidation process from triggering.
Over-Borrowing: Users may borrow more than they should if the outdated price is higher than the actual market value.
Protocol Disruptions
An outdated price may cause incorrect health factor calculations, leading to wrongful liquidations or over-borrowing.
If asset prices decline but remain outdated due to oracle issues, users may borrow against an inflated valuation, increasing risk for the protocol.
PoC
Consider a scenario where:
The NFT price is retrieved at 5,000, but getNFTPrice() continues returning the stale $10,000 value.
Users can still borrow based on the outdated price, exposing the protocol to under-collateralized loans.
Conversely, if prices increase but remain outdated, users might be liquidated unfairly.
Tools Used
Manual review
Recommendations
To prevent stale prices from affecting the protocol, implement the following safeguards:
Check for staleness – Introduce a threshold to ensure lastUpdateTimestamp is within an acceptable range (e.g., within the last few hours). If the timestamp is outdated, revert the transaction.
Implement a fallback mechanism – Utilize a secondary price feed to provide redundancy in case the primary oracle fails.
Lead Judging Commences
LendingPool::getNFTPrice or getPrimeRate doesn't validate timestamp staleness despite claiming to, allowing users to exploit outdated collateral values during price drops
LendingPool::getNFTPrice or getPrimeRate doesn't validate timestamp staleness despite claiming to, allowing users to exploit outdated collateral values during price drops
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.