Core Contracts

Regnum Aurum Acquisition Corp
Hardhat, Real World Assets, NFT
77,280 USDC
Submission Details
Severity: low
Invalid

Incorrect decode response from house price oracle

Summary

If the price is negative, the function _processResponse will incorrectly decode the received bytes, because the received value is decoded as uint256. The contract can work only with positive numbers.

Vulnerability Details

A house price could be negative if the property is collateral for a loan. In this case, the price of the property will be negative because its owner cannot sell it, and if he does not repay the debt, the property will be sold - there will be a minus.

function _processResponse(bytes memory response) internal override {
    uint256 price = abi.decode(response, (uint256)); // <--- uint256
    housePrices.setHousePrice(lastHouseId, price);
    emit HousePriceUpdated(lastHouseId, price);
}

The function expects only a positive price.

Impact

Properties with a negative price will be decoded to a positive price, resulting in incorrect calculation of collateral.
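
The decode behaviour described above, modelled off-chain as an added example (not part of the submission or the project's code). It shows what value a two's-complement negative word yields when read as uint256, next to a checked decode; the function names, the sample price and the maxPrice bound are assumptions made for illustration, and the model accepts exactly one 32-byte word.

```javascript
// Off-chain model of reading one 32-byte ABI word as uint256 vs int256.
// All names and sample values here are constructed for illustration.
const WORD_BITS = 256;

function checkWord(wordHex) {
  if (!/^[0-9a-fA-F]{64}$/.test(wordHex)) {
    throw new RangeError("response must be exactly one 32-byte word");
  }
}

// ABI encoding of an int256: one two's-complement word (hex, no 0x prefix).
function encodeInt256(value) {
  const limit = 1n << 255n;
  if (value < -limit || value >= limit) throw new RangeError("not an int256");
  return BigInt.asUintN(WORD_BITS, value).toString(16).padStart(64, "0");
}

// Reading the word as uint256: the raw bits, so the result is never negative.
function decodeUint256(wordHex) {
  checkWord(wordHex);
  return BigInt("0x" + wordHex);
}

// Reading the same word as int256: identical bits, sign-interpreted.
function decodeInt256(wordHex) {
  return BigInt.asIntN(WORD_BITS, decodeUint256(wordHex));
}

// Hypothetical checked decode: refuse negative or implausibly large prices
// rather than storing them. maxPrice is an assumed sanity bound.
function decodePriceChecked(wordHex, maxPrice) {
  const signed = decodeInt256(wordHex);
  if (signed < 0n) throw new RangeError("negative price in oracle response");
  if (signed > maxPrice) throw new RangeError("price above sanity bound");
  return signed;
}

// Constructed sample: an oracle response carrying -250000.
const sample = encodeInt256(-250000n);
console.log("as uint256:", decodeUint256(sample).toString());
console.log("as int256: ", decodeInt256(sample).toString());
```
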

Tools Used

Manual review

Recommendations

Decode the response as int256:

function _processResponse(bytes memory response) internal override {
- uint256 price = abi.decode(response, (uint256));
+ int256 price = abi.decode(response, (int256));
...
}
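
Review bot: On the `+ int256 price` line, the elided body still has to hand `price` to `housePrices.setHousePrice(lastHouseId, price)` and `emit HousePriceUpdated(lastHouseId, price)`, which the original calls with a uint256. Solidity has no implicit int256-to-uint256 conversion, so the change needs either new signatures for both or an explicit cast, and a bare `uint256(price)` cast would store the same wrapped value again. Suggest adding an explicit sign check such as `require(price >= 0)` before any cast, and stating in the recommendation what the contract should do when the oracle returns a negative response.
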
Updates

Lead Judging Commences

inallhonesty Lead Judge 6 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
